Good work Dan! Would you be interested in providing a build option that replaces the OpenSSL dependency with something more stand-alone? Or does ossl perform a significant part of the TLS protocol work for you (vs just being used for algorithms)?
Anyone impatient for the midnight haddocking can see the docs here:
http://web.cecs.pdx.edu/~dubuisst/secure-sockets-1.0/html/

Cheers,
Thomas

On Sun, Sep 5, 2010 at 10:26 PM, David Anderson <d...@natulte.net> wrote:
> Hi,
>
> I'm happy to announce the first release of secure-sockets, a library which
> aims to simplify the task of communicating securely between two
> authenticated peers.
>
> --------------------------------------------
> -- What it is
> --------------------------------------------
>
> The API mimics that of Network.Socket, and introduces the additional notion
> of peer identity, which is distinct from the endpoint address (host and
> port). Connections can only be established between two peers who know and
> expect to be communicating with each other.
>
> Transport security is implicitly taken care of: an established
> Network.Secure.Connection implies that each end of the connection
> successfully authenticated to the other, and that they have set up strong
> encryption for your data.
>
> --------------------------------------------
> -- What it isn't
> --------------------------------------------
>
> The library leans towards the "zero configuration" end of the spectrum, and
> basically Just Works. This means that if you know exactly what you want and
> need for the cipher, authentication algorithm, key type and length, key
> exchange protocol, HMAC algorithm, rekeying intervals, random number
> source... Then secure-sockets is not for you.
>
> If on the other hand you just want to replace your current cleartext
> "cipher" and faith-based "authentication" code with something that gives you
> a good chance of being secure (see caveats in docs), without diving into the
> rich madness that is full-blown SSL, then you might want to take a look.
>
> This library assumes that both ends of a connection are using it. The goal
> of secure-sockets is not to allow you to connect to any SSL-enabled server,
> or to speak a particular standard flavor of authentication protocol.
>
> Internally, secure-sockets uses SSL to achieve its goals, so you might get
> lucky if you do it just right, but that is an implementation detail. The
> library is designed to help you easily secure communications between two
> programs whose implementation you control, not between you and anything out
> there.
>
> --------------------------------------------
> -- Links
> --------------------------------------------
>
> Homepage: http://secure-hs.googlecode.com/
> Hackage page: http://hackage.haskell.org/package/secure-sockets
> Bug tracker: http://code.google.com/p/secure-hs/issues/list
> Code repository: https://secure-hs.googlecode.com/hg
>
> --------------------------------------------
> -- Thanks
> --------------------------------------------
>
> I'd like to thank my employer, Google. Not only did they not get mad at the
> idea that I might want to hack on Haskell during working hours (as my "20%
> project"), they also made it very painless for me to open source this code
> when the time came.
>
> --------------------------------------------
> -- Questions?
> --------------------------------------------
>
> Questions, comments, suggestions and patches can be filed in the issue
> tracker, emailed directly to me, or thrown out on haskell-cafe.
>
> Hope you find this code useful!
> - Dave
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe@haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe