Index of values

__ciphersuite_of_sexp__ [Ciphersuite]
__client_extension_of_sexp__ [Core]
__server_extension_of_sexp__ [Core]
accept [Tls_lwt.Unix]

accept ?tracer server fd is t, sockaddr, after accepting a client on fd and upgrading to a TLS connection.

accept [Tls_lwt]

accept ?trace own_cert fd is (ic, oc), sockaddr, the input and output channel from the accepted connection on fd, using the default configuration with the given own_cert.

accept_ext [Tls_lwt]

accept_ext ?trace server fd is (ic, oc), sockaddr, the input and output channel from an accepted connection on the given fd, after upgrading to TLS using the server configuration.

aead_cipher_of_sexp [Ciphersuite]
alert_level_of_sexp [Packet]
alert_level_to_int [Packet]
alert_level_to_string [Packet]
alert_of_failure [Engine]

alert_of_failure failure is alert, the TLS alert type for this failure.

alert_type_of_sexp [Packet]
alert_type_to_int [Packet]
alert_type_to_string [Packet]
any_ciphersuite_of_sexp [Packet]
any_ciphersuite_to_ciphersuite [Ciphersuite]
any_ciphersuite_to_int [Packet]
any_ciphersuite_to_string [Packet]
any_version_to_version [Core]
authenticator [Tls_mirage.X509]

authenticator ~hash_whitelist ~crl store typ creates an authenticator, either using the given certificate authorities in the store as value for key "ca_roots.crt", or null.

authenticator [X509_lwt]

authenticator methods constructs an authenticator using the specified method and data.

block_cipher_of_sexp [Ciphersuite]
can_handle_appdata [Engine]

can_handle_appdata state is a predicate which indicates when the connection has already completed a handshake.

certificate [Tls_mirage.X509]

certificate store typ unmarshals a certificate chain and private key material from the store.

certs_of_pem [X509_lwt]

certs_of_pem file is certificates, which are read from the PEM-encoded file.

certs_of_pem_dir [X509_lwt]

certs_of_pem_dir dir is certificates, which are read from all PEM-encoded files in dir.

ciphersuite_fs [Ciphersuite]
ciphersuite_kex [Ciphersuite]

ciphersuite_kex ciphersuite is kex, first projection of get_kex_privprot

ciphersuite_of_sexp [Ciphersuite]
ciphersuite_privprot [Ciphersuite]

ciphersuite_privprot ciphersuite is privprot, second projection of get_kex_privprot

ciphersuite_tls12_only [Ciphersuite]
ciphersuite_to_any_ciphersuite [Ciphersuite]
ciphersuite_to_string [Ciphersuite]
client [Config]

client authenticator ?peer_name ?ciphers ?version ?hashes ?reneg ?certificates ?alpn_protocols is client configuration with the given parameters.

client [Engine]

client client is tls * out where tls is the initial state, and out the initial client hello

client_certificate_type_of_sexp [Packet]
client_certificate_type_to_int [Packet]
client_certificate_type_to_string [Packet]
client_extension_of_sexp [Core]
client_hello_of_sexp [Core]
client_of_fd [Tls_lwt.Unix]

client_of_fd ?tracer client ~host fd is t, after client-side TLS handshake of fd using client configuration and host.

client_of_flow [Tls_mirage.Make]

client_of_flow ~trace client ~host flow upgrades the existing connection to TLS using the client configuration, using host as peer name.

client_of_sexp [Config]
close [Tls_lwt.Unix]

close t closes the TLS session and the underlying file descriptor.

close_tls [Tls_lwt.Unix]

close_tls t closes the TLS session by sending a close notify to the peer.

compare [Core.SessionID]
compare_alert_level [Packet]
compare_alert_type [Packet]
compare_any_ciphersuite [Packet]
compare_client_certificate_type [Packet]
compare_compression_method [Packet]
compare_content_type [Packet]
compare_ec_basis_type [Packet]
compare_ec_curve_type [Packet]
compare_ec_point_format [Packet]
compare_extension_type [Packet]
compare_handshake_type [Packet]
compare_hash_algorithm [Packet]
compare_max_fragment_length [Packet]
compare_named_curve_type [Packet]
compare_signature_algorithm_type [Packet]
compression_method_of_sexp [Packet]
compression_method_to_int [Packet]
compression_method_to_string [Packet]
config_of_sexp [Config]
connect [Tls_lwt.Unix]

connect ?tracer client (host, port) is t, after successful connection to host on port and TLS upgrade.

connect [Tls_lwt]

connect ?trace authenticator (host, port) is ic, oc, the input and output channel of a TLS connection to host on port using the default configuration and the authenticator.

connect_ext [Tls_lwt]

connect_ext ?trace client (host, port) is ic, oc, the input and output channel of a TLS connection to host on port using the client configuration.

content_type_of_sexp [Packet]
content_type_to_int [Packet]
content_type_to_string [Packet]
default [Config.Ciphers]

default is a list of ciphersuites this library uses by default.

default_hashes [Config]

default_hashes is a list of hash algorithms used by default

dh_group [Config]

dh_group is the default Diffie-Hellman group (currently the ffdhe2048 group from Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS)

dh_parameters_of_sexp [Core]
ec_basis_type_of_sexp [Packet]
ec_basis_type_to_int [Packet]
ec_basis_type_to_string [Packet]
ec_char_parameters_of_sexp [Core]
ec_curve_of_sexp [Core]
ec_curve_type_of_sexp [Packet]
ec_curve_type_to_int [Packet]
ec_curve_type_to_string [Packet]
ec_parameters_of_sexp [Core]
ec_point_format_of_sexp [Packet]
ec_point_format_to_int [Packet]
ec_point_format_to_string [Packet]
ec_prime_parameters_of_sexp [Core]
epoch [Tls_mirage.Make]

epoch flow extracts information of the established session.

epoch [Tls_lwt.Unix]

epoch t returns epoch, which contains information of the active session.

epoch [Engine]

epoch state is epoch, which contains the session information.

epoch_data_of_sexp [Core]
epoch_of_sexp [Engine]

epoch_of_sexp sexp is epoch, the unmarshalled sexp.

equal [Core.SessionID]
extension_type_of_sexp [Packet]
extension_type_to_int [Packet]
extension_type_to_string [Packet]
failure_of_sexp [Engine]

failure_of_sexp sexp is failure, the unmarshalled sexp.

fs [Config.Ciphers]

fs is a list of ciphersuites which provide forward secrecy (sublist of default).

fs_of [Config.Ciphers]

fs_of ciphers selects all ciphersuites which provide forward secrecy from ciphers.

get_kex_privprot [Ciphersuite]

get_kex_privprot ciphersuite is (kex, privacy_protection) where it dissects the ciphersuite into a pair containing the key exchange method kex, and its privacy_protection

get_uint24_len [Packet]
handle_tls [Engine]

handle_tls state buffer is ret: depending on the incoming state and buffer, the result is the appropriate Engine.ret

handshake_in_progress [Engine]

handshake_in_progress state is a predicate which indicates whether there is a handshake in progress or scheduled.

handshake_type_of_sexp [Packet]
handshake_type_to_int [Packet]
handshake_type_to_string [Packet]
hash [Core.SessionID]
hash_algorithm_of_sexp [Packet]
hash_algorithm_of_tag [Packet]
hash_algorithm_to_int [Packet]
hash_algorithm_to_string [Packet]
int_to_alert_level [Packet]
int_to_alert_type [Packet]
int_to_any_ciphersuite [Packet]
int_to_client_certificate_type [Packet]
int_to_compression_method [Packet]
int_to_content_type [Packet]
int_to_ec_basis_type [Packet]
int_to_ec_curve_type [Packet]
int_to_ec_point_format [Packet]
int_to_extension_type [Packet]
int_to_handshake_type [Packet]
int_to_hash_algorithm [Packet]
int_to_max_fragment_length [Packet]
int_to_named_curve_type [Packet]
int_to_signature_algorithm_type [Packet]
key_exchange_algorithm_of_sexp [Ciphersuite]
key_length [Ciphersuite]

key_length iv payload_protection is (key size, IV size, MAC size) where the key, IV, and MAC sizes are the bytes required for the given payload_protection

master_secret_of_sexp [Core]
max_fragment_length_of_sexp [Packet]
max_fragment_length_to_int [Packet]
max_fragment_length_to_string [Packet]
max_protocol_version [Core]
min_dh_size [Config]

min_dh_size is the minimal Diffie-Hellman group size in bits (currently 1024)

min_protocol_version [Core]
min_rsa_key_size [Config]

min_rsa_key_size is the minimal RSA modulus key size in bits (currently 1024)

named_curve_type_of_sexp [Packet]
named_curve_type_to_int [Packet]
named_curve_type_to_string [Packet]
needs_certificate [Ciphersuite]

needs_certificate kex is a predicate which is true if the kex requires a server certificate

needs_server_kex [Ciphersuite]

needs_server_kex kex is a predicate which is true if the kex requires a server key exchange message

of_client [Config]

of_client client is a client configuration for client

of_server [Config]

of_server server is a server configuration for server

of_t [Tls_lwt]

of_t t is ic, oc, the input and output channel.

pair_of_tls_any_version [Core]
pair_of_tls_version [Core]
payload_protection_of_sexp [Ciphersuite]
peer [Config]

peer client name is client with name as peer_name

private_of_pems [X509_lwt]

private_of_pems ~cert ~priv_key is priv, after reading the private key and certificate chain from the given PEM-encoded files.

read [Tls_lwt.Unix]

read t buffer is length, the number of bytes read into buffer.

read_bytes [Tls_lwt.Unix]

read_bytes t bytes offset len is read_bytes, the number of bytes read.

reneg [Tls_mirage.Make]

reneg ~authenticator ~acceptable_cas ~cert ~drop t renegotiates the session, and blocks until the renegotiation has finished.

reneg [Tls_lwt.Unix]

reneg ~authenticator ~acceptable_cas ~cert ~drop t renegotiates the session, and blocks until the renegotiation has finished.

reneg [Engine]

reneg ~authenticator ~acceptable_cas ~cert tls initiates a renegotiation on tls, using the provided authenticator.

required_keytype_and_usage [Ciphersuite]

required_keytype_and_usage kex is (keytype, usage) which a certificate must have if it is used in the given kex method

send_application_data [Engine]

send_application_data tls outs is (tls' * out) option where tls' is the new tls state, and out the cstruct to send over the wire (encrypted outs).

send_close_notify [Engine]

send_close_notify tls is tls' * out where tls' is the new tls state, and out the (possibly encrypted) close notify alert.

server [Config]

server ?ciphers ?version ?hashes ?reneg ?certificates ?acceptable_cas ?authenticator ?alpn_protocols is server configuration with the given parameters.

server [Engine]

server server is tls where tls is the initial server state

server_extension_of_sexp [Core]
server_hello_of_sexp [Core]
server_of_fd [Tls_lwt.Unix]

server_of_fd ?tracer server fd is t, after server-side TLS handshake of fd using server configuration.

server_of_flow [Tls_mirage.Make]

server_of_flow ?tracer server flow upgrades the flow to a TLS connection using the server configuration.

server_of_sexp [Config]
set_uint24_len [Packet]
sexp_of_aead_cipher [Ciphersuite]
sexp_of_alert_level [Packet]
sexp_of_alert_type [Packet]
sexp_of_any_ciphersuite [Packet]
sexp_of_block_cipher [Ciphersuite]
sexp_of_ciphersuite [Ciphersuite]
sexp_of_client [Config]
sexp_of_client_certificate_type [Packet]
sexp_of_client_extension [Core]
sexp_of_client_hello [Core]
sexp_of_compression_method [Packet]
sexp_of_config [Config]
sexp_of_content_type [Packet]
sexp_of_dh_parameters [Core]
sexp_of_ec_basis_type [Packet]
sexp_of_ec_char_parameters [Core]
sexp_of_ec_curve [Core]
sexp_of_ec_curve_type [Packet]
sexp_of_ec_parameters [Core]
sexp_of_ec_point_format [Packet]
sexp_of_ec_prime_parameters [Core]
sexp_of_epoch [Engine]

sexp_of_epoch epoch is sexp, the marshalled epoch.

sexp_of_epoch_data [Core]
sexp_of_extension_type [Packet]
sexp_of_failure [Engine]

sexp_of_failure failure is sexp, the marshalled failure.

sexp_of_handshake_type [Packet]
sexp_of_hash_algorithm [Packet]
sexp_of_key_exchange_algorithm [Ciphersuite]
sexp_of_master_secret [Core]
sexp_of_max_fragment_length [Packet]
sexp_of_named_curve_type [Packet]
sexp_of_payload_protection [Ciphersuite]
sexp_of_server [Config]
sexp_of_server_extension [Core]
sexp_of_server_hello [Core]
sexp_of_signature_algorithm_type [Packet]
sexp_of_stream_cipher [Ciphersuite]
sexp_of_t [Core.Cert]
sexp_of_t [Core.SessionID]
sexp_of_tls_alert [Core]
sexp_of_tls_any_version [Core]
sexp_of_tls_body [Core]
sexp_of_tls_handshake [Core]
sexp_of_tls_hdr [Core]
sexp_of_tls_version [Core]
signature_algorithm_type_of_sexp [Packet]
signature_algorithm_type_to_int [Packet]
signature_algorithm_type_to_string [Packet]
stream_cipher_of_sexp [Ciphersuite]
string_of_failure [Engine]

string_of_failure failure is string, the string representation of the failure.

string_to_alert_level [Packet]
string_to_alert_type [Packet]
string_to_any_ciphersuite [Packet]
string_to_client_certificate_type [Packet]
string_to_compression_method [Packet]
string_to_content_type [Packet]
string_to_ec_basis_type [Packet]
string_to_ec_curve_type [Packet]
string_to_ec_point_format [Packet]
string_to_extension_type [Packet]
string_to_handshake_type [Packet]
string_to_hash_algorithm [Packet]
string_to_max_fragment_length [Packet]
string_to_named_curve_type [Packet]
string_to_signature_algorithm_type [Packet]
supported [Config.Ciphers]

supported is a list of ciphersuites this library supports (larger than default).

supported_hashes [Config]

supported_hashes is a list of hash algorithms supported by this library

supports_extended_key_usage [Core]
supports_key_usage [Core]
t_of_sexp [Core.Cert]
t_of_sexp [Core.SessionID]
tag_of_hash_algorithm [Packet]

tag_of_hash_algorithm hash_algorithm is tag for the given hash_algorithm

tls_alert_of_sexp [Core]
tls_any_version_of_pair [Core]
tls_any_version_of_sexp [Core]
tls_body_of_sexp [Core]
tls_handshake_of_sexp [Core]
tls_hdr_of_sexp [Core]
tls_version_of_pair [Core]
tls_version_of_sexp [Core]
version_eq [Core]
version_ge [Core]
with_acceptable_cas [Config]

with_acceptable_cas config cas is config with cas as accepted_cas

with_authenticator [Config]

with_authenticator config auth is config with auth as authenticator

with_own_certificates [Config]

with_own_certificates config cert is config with cert as own_cert

write [Tls_lwt.Unix]

write t buffer writes the buffer to the session.

write_bytes [Tls_lwt.Unix]

write_bytes t bytes offset length writes length bytes of bytes starting at offset to the session.

writev [Tls_lwt.Unix]

writev t buffers writes the buffers to the session.