Re: [Haskell-cafe] ANNOUNCE: tls, native TLS/SSL protocol implementation

On Thu, Oct 07, 2010 at 12:29:51AM +0200, Christopher Done wrote:

On 6 October 2010 23:26, Vincent Hanquez wrote:

...

I'ld like to announce the tls package [1][2], which is a native implementation of the TLS protocol, client and server.  It's currently mostly supporting SSL3, TLS1.0 and TLS1.1.  It's got *lots* of rough edges, and a bunch of unsupported features, but it's humming along, and at each iteration it's becoming more tighly secure and featureful.

Wow, great! So might we be able to combine this with Network.HTTP some day? I am interested in moving away from C libraries (curl) to pure Haskell libraries, for a safer, richer Haskell ecosystem and for solving the interesting problems.

That's one of the goal of this library. Ultimately I want something more flexible than usual APIs in traditional libraries; TLS can do lots of things, that are not typically exposed by others libraries. Otherwise more pratically, there's michael's http-enumerator. I hope i'll see more package depending on tls in the future instead of gnutls/openssl bindings.

Will you eventually add benchmarks?

This is on my TODO list but the priority is quite low; I'm trying to focus on correctness and security for now. However I suspect what does make the biggest difference is the crypto implementation that is used, and the current dependencies should be all reasonable (cryptohash is close to C performance level with hashes, the AES package has a pretty fast implementation, ghc seems quite good with big number benefiting RSA, ..). -- Vincent Hnquez