module Config

: sig

Configuration of the TLS stack

type own_cert = Certificate.certificate list * Nocrypto.Rsa.priv

certificate chain and private key of the first certificate

type config = private {

# ciphers	: Ciphersuite.ciphersuite list	;	(*	ordered list (regarding preference) of supported cipher suites	*)
# protocol_versions	: Core.tls_version * Core.tls_version	;	(*	supported protocol versions (min, max)	*)
# hashes	: Nocrypto.Hash.hash list	;	(*	ordered list of supported hash algorithms (regarding preference)	*)
# use_reneg	: bool	;	(*	endpoint should accept renegotiation requests	*)
# secure_reneg	: bool	;	(*	other end must use secure renegotiation (RFC 5746)	*)
# authenticator	: X509.Authenticator.t option	;	(*	optional X509 authenticator	*)
# peer_name	: string option	;	(*	optional name of other endpoint (used for SNI RFC4366)	*)
# own_certificate	: own_cert option	;	(*	optional certificate chain	*)

}

configuration parameters

module Ciphers : sig

Cipher selection related utilities.

val supported : Ciphersuite.ciphersuite list

All the ciphers this library can use.

val pfs : Ciphersuite.ciphersuite list

All the PFS ciphers this library can use.

val pfs_of : Ciphersuite.ciphersuite list -> Ciphersuite.ciphersuite list

pfs_of ciphers selects only PFS ciphers.

end

val supported_hashes : Nocrypto.Hash.hash list

supported_hashes is a list of supported hash algorithms by this library

val min_dh_size : int

min_dh_size is minimal diffie hellman group size in bits (currently 512)

val min_rsa_key_size : int

min_rsa_key_size is minimal RSA modulus key size in bits (currently 1024)

type client

opaque type of a client configuration

type server

opaque type of a server configuration

val peer : client -> string -> client

peer client name is client with name as peer_name

val of_client : client -> config

of_client client is a client configuration for client

val of_server : server -> config

of_server server is a server configuration for server

client_exn ?ciphers ?version ?hashes ?reneg ?validator ?secure_reneg is client configuration with the given parameters

val client : authenticator:X509.Authenticator.t -> ?ciphers:Ciphersuite.ciphersuite list -> ?version:Core.tls_version * Core.tls_version -> ?hashes:Nocrypto.Hash.hash list -> ?reneg:bool -> ?secure_reneg:bool -> unit -> client

Raises Invalid_argument if the configuration is invalid

server_exn ?ciphers ?version ?hashes ?reneg ?certificate ?secure_reneg is server configuration with the given parameters

val server : ?ciphers:Ciphersuite.ciphersuite list -> ?version:Core.tls_version * Core.tls_version -> ?hashes:Nocrypto.Hash.hash list -> ?reneg:bool -> ?certificate:own_cert -> ?secure_reneg:bool -> unit -> server

Raises Invalid_argument if the configuration is invalid

val config_of_sexp : Sexplib.Sexp.t -> config

val sexp_of_config : config -> Sexplib.Sexp.t

end