From 4b29ee7cf024e1376986c674f36685be903cf644 Mon Sep 17 00:00:00 2001
From: Hannes Mehnert <hannes@mehnert.org>
Date: Mon, 28 Oct 2024 21:33:30 +0100
Subject: [PATCH] Update tls doc to 1.0.4.

---
 doc/index.html                                |   7 +-
 doc/tls-async/Tls_async/Session/Fd/index.html |   2 +
 doc/tls-async/Tls_async/Session/index.html    |  12 +
 .../X509_async/Authenticator/Param/index.html |  15 +
 .../X509_async/Authenticator/index.html       |  21 +
 .../Tls_async/X509_async/CRL/index.html       |  41 ++
 .../X509_async/Certificate/index.html         |  16 +
 .../X509_async/Distinguished_name/index.html  |   7 +
 .../X509_async/OCSP/Request/index.html        |  22 +
 .../X509_async/OCSP/Response/index.html       |  38 ++
 .../Tls_async/X509_async/OCSP/index.html      |   6 +
 .../Tls_async/X509_async/PKCS12/index.html    |  17 +
 .../X509_async/Private_key/index.html         |  15 +
 .../X509_async/Public_key/index.html          |   8 +
 .../X509_async/Signing_request/index.html     |  22 +
 doc/tls-async/Tls_async/X509_async/index.html |   2 +
 doc/tls-async/Tls_async/index.html            |  31 ++
 doc/tls-async/index.html                      |   2 +
 doc/tls-eio/Tls_eio/index.html                |  15 +
 doc/tls-eio/X509_eio/index.html               |  14 +
 doc/tls-eio/index.html                        |   2 +
 doc/tls-lwt/Tls_lwt/Unix/index.html           |  22 +
 doc/tls-lwt/Tls_lwt/index.html                |  11 +
 doc/tls-lwt/X509_lwt/index.html               |  14 +
 doc/tls-lwt/index.html                        |   2 +
 doc/tls-miou-unix/Tls_miou_unix/index.html    |   8 +-
 doc/tls-mirage/Tls_mirage/Make/index.html     |  20 +
 doc/tls-mirage/Tls_mirage/X509/index.html     |   9 +
 doc/tls-mirage/Tls_mirage/index.html          |   2 +
 doc/tls-mirage/index.html                     |   2 +
 doc/tls/Tls/Ciphersuite/index.html            | 513 ++++++++++++++++++
 doc/tls/Tls/Config/Ciphers/index.html         |   2 +
 doc/tls/Tls/Config/index.html                 |  32 ++
 doc/tls/Tls/Core/PreSharedKeyID/index.html    |   2 +
 doc/tls/Tls/Core/SessionID/index.html         |   2 +
 doc/tls/Tls/Core/Tracing/index.html           |  15 +
 doc/tls/Tls/Core/index.html                   | 187 +++++++
 doc/tls/Tls/Crypto/Ciphers/index.html         |  13 +
 doc/tls/Tls/Crypto/index.html                 |  31 ++
 doc/tls/Tls/Engine/index.html                 |  34 ++
 doc/tls/Tls/Explorator/index.html             |   2 +
 doc/tls/Tls/Handshake_client/index.html       |  14 +
 doc/tls/Tls/Handshake_client13/index.html     | 131 +++++
 doc/tls/Tls/Handshake_common/Group/index.html |   2 +
 .../Tls/Handshake_common/GroupSet/index.html  |   2 +
 doc/tls/Tls/Handshake_common/index.html       | 254 +++++++++
 doc/tls/Tls/Handshake_crypto/index.html       |  23 +
 doc/tls/Tls/Handshake_crypto13/index.html     |  57 ++
 doc/tls/Tls/Handshake_server/index.html       |  12 +
 doc/tls/Tls/Handshake_server13/index.html     | 123 +++++
 doc/tls/Tls/Packet/index.html                 |  33 ++
 doc/tls/Tls/Reader/index.html                 |  49 ++
 doc/tls/Tls/State/index.html                  | 292 ++++++++++
 doc/tls/Tls/Utils/List_set/index.html         |   2 +
 doc/tls/Tls/Utils/index.html                  |   2 +
 doc/tls/Tls/Writer/index.html                 |  15 +
 doc/tls/Tls/index.html                        |   2 +
 doc/tls/index.html                            |   2 +
 58 files changed, 2248 insertions(+), 5 deletions(-)
 create mode 100644 doc/tls-async/Tls_async/Session/Fd/index.html
 create mode 100644 doc/tls-async/Tls_async/Session/index.html
 create mode 100644 doc/tls-async/Tls_async/X509_async/Authenticator/Param/index.html
 create mode 100644 doc/tls-async/Tls_async/X509_async/Authenticator/index.html
 create mode 100644 doc/tls-async/Tls_async/X509_async/CRL/index.html
 create mode 100644 doc/tls-async/Tls_async/X509_async/Certificate/index.html
 create mode 100644 doc/tls-async/Tls_async/X509_async/Distinguished_name/index.html
 create mode 100644 doc/tls-async/Tls_async/X509_async/OCSP/Request/index.html
 create mode 100644 doc/tls-async/Tls_async/X509_async/OCSP/Response/index.html
 create mode 100644 doc/tls-async/Tls_async/X509_async/OCSP/index.html
 create mode 100644 doc/tls-async/Tls_async/X509_async/PKCS12/index.html
 create mode 100644 doc/tls-async/Tls_async/X509_async/Private_key/index.html
 create mode 100644 doc/tls-async/Tls_async/X509_async/Public_key/index.html
 create mode 100644 doc/tls-async/Tls_async/X509_async/Signing_request/index.html
 create mode 100644 doc/tls-async/Tls_async/X509_async/index.html
 create mode 100644 doc/tls-async/Tls_async/index.html
 create mode 100644 doc/tls-async/index.html
 create mode 100644 doc/tls-eio/Tls_eio/index.html
 create mode 100644 doc/tls-eio/X509_eio/index.html
 create mode 100644 doc/tls-eio/index.html
 create mode 100644 doc/tls-lwt/Tls_lwt/Unix/index.html
 create mode 100644 doc/tls-lwt/Tls_lwt/index.html
 create mode 100644 doc/tls-lwt/X509_lwt/index.html
 create mode 100644 doc/tls-lwt/index.html
 create mode 100644 doc/tls-mirage/Tls_mirage/Make/index.html
 create mode 100644 doc/tls-mirage/Tls_mirage/X509/index.html
 create mode 100644 doc/tls-mirage/Tls_mirage/index.html
 create mode 100644 doc/tls-mirage/index.html
 create mode 100644 doc/tls/Tls/Ciphersuite/index.html
 create mode 100644 doc/tls/Tls/Config/Ciphers/index.html
 create mode 100644 doc/tls/Tls/Config/index.html
 create mode 100644 doc/tls/Tls/Core/PreSharedKeyID/index.html
 create mode 100644 doc/tls/Tls/Core/SessionID/index.html
 create mode 100644 doc/tls/Tls/Core/Tracing/index.html
 create mode 100644 doc/tls/Tls/Core/index.html
 create mode 100644 doc/tls/Tls/Crypto/Ciphers/index.html
 create mode 100644 doc/tls/Tls/Crypto/index.html
 create mode 100644 doc/tls/Tls/Engine/index.html
 create mode 100644 doc/tls/Tls/Explorator/index.html
 create mode 100644 doc/tls/Tls/Handshake_client/index.html
 create mode 100644 doc/tls/Tls/Handshake_client13/index.html
 create mode 100644 doc/tls/Tls/Handshake_common/Group/index.html
 create mode 100644 doc/tls/Tls/Handshake_common/GroupSet/index.html
 create mode 100644 doc/tls/Tls/Handshake_common/index.html
 create mode 100644 doc/tls/Tls/Handshake_crypto/index.html
 create mode 100644 doc/tls/Tls/Handshake_crypto13/index.html
 create mode 100644 doc/tls/Tls/Handshake_server/index.html
 create mode 100644 doc/tls/Tls/Handshake_server13/index.html
 create mode 100644 doc/tls/Tls/Packet/index.html
 create mode 100644 doc/tls/Tls/Reader/index.html
 create mode 100644 doc/tls/Tls/State/index.html
 create mode 100644 doc/tls/Tls/Utils/List_set/index.html
 create mode 100644 doc/tls/Tls/Utils/index.html
 create mode 100644 doc/tls/Tls/Writer/index.html
 create mode 100644 doc/tls/Tls/index.html
 create mode 100644 doc/tls/index.html

diff --git a/doc/index.html b/doc/index.html
index 9f457d2e..918437b8 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -11,7 +11,12 @@
       <div class="by-name">
       <h2>OCaml package documentation</h2>
       <ol>
-      <li><a href="tls-miou-unix/index.html">tls-miou-unix</a> <span class="version">1.0.3</span></li>
+      <li><a href="tls/index.html">tls</a> <span class="version">1.0.4</span></li>
+      <li><a href="tls-async/index.html">tls-async</a> <span class="version">1.0.4</span></li>
+      <li><a href="tls-eio/index.html">tls-eio</a> <span class="version">1.0.4</span></li>
+      <li><a href="tls-lwt/index.html">tls-lwt</a> <span class="version">1.0.4</span></li>
+      <li><a href="tls-miou-unix/index.html">tls-miou-unix</a> <span class="version">1.0.4</span></li>
+      <li><a href="tls-mirage/index.html">tls-mirage</a> <span class="version">1.0.4</span></li>
       </ol>
       </div>
     </main>
diff --git a/doc/tls-async/Tls_async/Session/Fd/index.html b/doc/tls-async/Tls_async/Session/Fd/index.html
new file mode 100644
index 00000000..f8c6f2be
--- /dev/null
+++ b/doc/tls-async/Tls_async/Session/Fd/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Fd (tls-async.Tls_async.Session.Fd)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls-async</a> &#x00BB; <a href="../../index.html">Tls_async</a> &#x00BB; <a href="../index.html">Session</a> &#x00BB; Fd</nav><header class="odoc-preamble"><h1>Module <code><span>Session.Fd</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = <span class="xref-unresolved">Async</span>.Reader.t * <span class="xref-unresolved">Async</span>.Writer.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-read"><a href="#val-read" class="anchor"></a><code><span><span class="keyword">val</span> read : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span>bytes <span class="arrow">&#45;&gt;</span></span> <span><span>[ <span>`Ok of int</span> <span>| `Eof</span> ]</span> <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-write_full"><a href="#val-write_full" class="anchor"></a><code><span><span class="keyword">val</span> write_full : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <span>unit <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/Session/index.html b/doc/tls-async/Tls_async/Session/index.html
new file mode 100644
index 00000000..3f45592f
--- /dev/null
+++ b/doc/tls-async/Tls_async/Session/index.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Session (tls-async.Tls_async.Session)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls-async</a> &#x00BB; <a href="../index.html">Tls_async</a> &#x00BB; Session</nav><header class="odoc-preamble"><h1>Module <code><span>Tls_async.Session</span></code></h1><p>Low-level API for working with TLS sessions. Most applications should use the high-level API below</p></header><nav class="odoc-toc"><ul><li><a href="#constructors">Constructors</a></li><li><a href="#common-stream-operations">Common stream operations</a></li></ul></nav><div class="odoc-content"><div class="odoc-spec"><div class="spec module anchored" id="module-Fd"><a href="#module-Fd" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Fd/index.html">Fd</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span></code></div><div class="spec-doc"><p>Abstract type of a session</p></div></div><h3 id="constructors"><a href="#constructors" class="anchor"></a>Constructors</h3><div class="odoc-spec"><div class="spec value anchored" id="val-server_of_fd"><a href="#val-server_of_fd" class="anchor"></a><code><span><span class="keyword">val</span> server_of_fd : <span><a href="../../../tls/Tls/Config/index.html#type-server">Tls.Config.server</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="Fd/index.html#type-t">Fd.t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div><div class="spec-doc"><p><code>server_of_fd server fd</code> is <code>t</code>, after server-side TLS handshake of <code>fd</code> using <code>server</code> configuration.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-client_of_fd"><a href="#val-client_of_fd" class="anchor"></a><code><span><span class="keyword">val</span> client_of_fd : 
+  <span><a href="../../../tls/Tls/Config/index.html#type-client">Tls.Config.client</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?host</span>:<span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="Fd/index.html#type-t">Fd.t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div><div class="spec-doc"><p><code>client_of_fd client ~host fd</code> is <code>t</code>, after client-side TLS handshake of <code>fd</code> using <code>client</code> configuration and <code>host</code>.</p></div></div><h3 id="common-stream-operations"><a href="#common-stream-operations" class="anchor"></a>Common stream operations</h3><div class="odoc-spec"><div class="spec value anchored" id="val-read"><a href="#val-read" class="anchor"></a><code><span><span class="keyword">val</span> read : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span>bytes <span class="arrow">&#45;&gt;</span></span> <span>int <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div><div class="spec-doc"><p><code>read t buffer</code> is <code>length</code>, the number of bytes read into <code>buffer</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-writev"><a href="#val-writev" class="anchor"></a><code><span><span class="keyword">val</span> writev : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span>string list</span> <span class="arrow">&#45;&gt;</span></span> <span>unit <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div><div class="spec-doc"><p><code>writev t buffers</code> writes the <code>buffers</code> to the session.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-close_tls"><a href="#val-close_tls" class="anchor"></a><code><span><span class="keyword">val</span> close_tls : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span>unit <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div><div class="spec-doc"><p><code>close t</code> closes the TLS session by sending a close notify to the peer.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-reneg"><a href="#val-reneg" class="anchor"></a><code><span><span class="keyword">val</span> reneg : 
+  <span><span class="optlabel">?authenticator</span>:<span class="xref-unresolved">X509</span>.Authenticator.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?acceptable_cas</span>:<span><span class="xref-unresolved">X509</span>.Distinguished_name.t list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?cert</span>:<a href="../../../tls/Tls/Config/index.html#type-own_cert">Tls.Config.own_cert</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?drop</span>:bool <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>unit <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div><div class="spec-doc"><p><code>reneg ~authenticator ~acceptable_cas ~cert ~drop t</code> renegotiates the session, and blocks until the renegotiation finished. Optionally, a new <code>authenticator</code> and <code>acceptable_cas</code> can be used. The own certificate can be adjusted by <code>cert</code>. If <code>drop</code> is <code>true</code> (the default), application data received before the renegotiation finished is dropped.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-key_update"><a href="#val-key_update" class="anchor"></a><code><span><span class="keyword">val</span> key_update : <span><span class="optlabel">?request</span>:bool <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span>unit <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div><div class="spec-doc"><p><code>key_update ~request t</code> updates the traffic key and requests a traffic key update from the peer if <code>request</code> is provided and <code>true</code> (the default). This is only supported in TLS 1.3.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-epoch"><a href="#val-epoch" class="anchor"></a><code><span><span class="keyword">val</span> epoch : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="../../../tls/Tls/Core/index.html#type-epoch_data">Tls.Core.epoch_data</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div><div class="spec-doc"><p><code>epoch t</code> returns <code>epoch</code>, which contains information of the active session.</p></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/X509_async/Authenticator/Param/index.html b/doc/tls-async/Tls_async/X509_async/Authenticator/Param/index.html
new file mode 100644
index 00000000..cea9d6c8
--- /dev/null
+++ b/doc/tls-async/Tls_async/X509_async/Authenticator/Param/index.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Param (tls-async.Tls_async.X509_async.Authenticator.Param)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../../index.html">tls-async</a> &#x00BB; <a href="../../../index.html">Tls_async</a> &#x00BB; <a href="../../index.html">X509_async</a> &#x00BB; <a href="../index.html">Authenticator</a> &#x00BB; Param</nav><header class="odoc-preamble"><h1>Module <code><span>Authenticator.Param</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ca_file"><a href="#val-ca_file" class="anchor"></a><code><span><span class="keyword">val</span> ca_file : 
+  <span><span class="optlabel">?allowed_hashes</span>:<span><span class="xref-unresolved">Digestif</span>.hash' list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?crls</span>:<span class="xref-unresolved">Core</span>.Filename.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Core</span>.Filename.t <span class="arrow">&#45;&gt;</span></span>
+  <span>unit <span class="arrow">&#45;&gt;</span></span>
+  <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ca_dir"><a href="#val-ca_dir" class="anchor"></a><code><span><span class="keyword">val</span> ca_dir : 
+  <span><span class="optlabel">?allowed_hashes</span>:<span><span class="xref-unresolved">Digestif</span>.hash' list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?crls</span>:<span class="xref-unresolved">Core</span>.Filename.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Core</span>.Filename.t <span class="arrow">&#45;&gt;</span></span>
+  <span>unit <span class="arrow">&#45;&gt;</span></span>
+  <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-cert_fingerprint"><a href="#val-cert_fingerprint" class="anchor"></a><code><span><span class="keyword">val</span> cert_fingerprint : <span><span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div><div class="spec-doc"><p>The fingerprint can be collected from a browser or by invoking an openssl command like 'openssl x509 -in &lt;pem_file&gt; -noout -fingerprint -sha256'</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-key_fingerprint"><a href="#val-key_fingerprint" class="anchor"></a><code><span><span class="keyword">val</span> key_fingerprint : <span><span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div><div class="spec-doc"><p>The fingerprint can be collected from a browser or by invoking an openssl command like 'openssl x509 -in &lt;pem_file&gt; -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256'</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-time"><a href="#val-time" class="anchor"></a><code><span><span class="keyword">val</span> time : <span>unit <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Ptime</span>.t option</span></span></code></div><div class="spec-doc"><p>Async programs often don't use <code>Ptime_clock</code>, so this is provided as a convenience function. Relies on <code>Unix.gettimeofday</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-to_authenticator"><a href="#val-to_authenticator" class="anchor"></a><code><span><span class="keyword">val</span> to_authenticator : 
+  <span><span class="label">time</span>:<span>(<span>unit <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Ptime</span>.t option</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">{Authenticator}7</span>.t <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/X509_async/Authenticator/index.html b/doc/tls-async/Tls_async/X509_async/Authenticator/index.html
new file mode 100644
index 00000000..07f5089f
--- /dev/null
+++ b/doc/tls-async/Tls_async/X509_async/Authenticator/index.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Authenticator (tls-async.Tls_async.X509_async.Authenticator)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls-async</a> &#x00BB; <a href="../../index.html">Tls_async</a> &#x00BB; <a href="../index.html">X509_async</a> &#x00BB; Authenticator</nav><header class="odoc-preamble"><h1>Module <code><span>X509_async.Authenticator</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> =
+  <span><span class="optlabel">?ip</span>:<span class="xref-unresolved">Ipaddr</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">host</span>:<span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span class="xref-unresolved">X509</span>.Certificate.t list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span class="xref-unresolved">X509</span>.Validation.r</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-chain_of_trust"><a href="#val-chain_of_trust" class="anchor"></a><code><span><span class="keyword">val</span> chain_of_trust : 
+  <span><span class="label">time</span>:<span>(<span>unit <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Ptime</span>.t option</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?crls</span>:<span><span class="xref-unresolved">X509</span>.CRL.t list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?allowed_hashes</span>:<span><span class="xref-unresolved">Digestif</span>.hash' list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span class="xref-unresolved">X509</span>.Certificate.t list</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-key_fingerprint"><a href="#val-key_fingerprint" class="anchor"></a><code><span><span class="keyword">val</span> key_fingerprint : 
+  <span><span class="label">time</span>:<span>(<span>unit <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Ptime</span>.t option</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">hash</span>:<span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">fingerprint</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-cert_fingerprint"><a href="#val-cert_fingerprint" class="anchor"></a><code><span><span class="keyword">val</span> cert_fingerprint : 
+  <span><span class="label">time</span>:<span>(<span>unit <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Ptime</span>.t option</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">hash</span>:<span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">fingerprint</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-of_string"><a href="#val-of_string" class="anchor"></a><code><span><span class="keyword">val</span> of_string : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span><span>(<span>unit <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Ptime</span>.t option</span>)</span> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a>, <span>[&gt; <span>`Msg of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Param"><a href="#module-Param" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Param/index.html">Param</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/X509_async/CRL/index.html b/doc/tls-async/Tls_async/X509_async/CRL/index.html
new file mode 100644
index 00000000..697420f9
--- /dev/null
+++ b/doc/tls-async/Tls_async/X509_async/CRL/index.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>CRL (tls-async.Tls_async.X509_async.CRL)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls-async</a> &#x00BB; <a href="../../index.html">Tls_async</a> &#x00BB; <a href="../index.html">X509_async</a> &#x00BB; CRL</nav><header class="odoc-preamble"><h1>Module <code><span>X509_async.CRL</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = <span class="xref-unresolved">X509</span>.CRL.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_der"><a href="#val-encode_der" class="anchor"></a><code><span><span class="keyword">val</span> encode_der : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-issuer"><a href="#val-issuer" class="anchor"></a><code><span><span class="keyword">val</span> issuer : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">X509</span>.Distinguished_name.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-this_update"><a href="#val-this_update" class="anchor"></a><code><span><span class="keyword">val</span> this_update : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">Ptime</span>.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-next_update"><a href="#val-next_update" class="anchor"></a><code><span><span class="keyword">val</span> next_update : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Ptime</span>.t option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-revoked_cert"><a href="#type-revoked_cert" class="anchor"></a><code><span><span class="keyword">type</span> revoked_cert</span><span> = <span class="xref-unresolved">X509</span>.CRL.revoked_cert</span><span> = </span><span>{</span></code><ol><li id="type-revoked_cert.serial" class="def record field anchored"><a href="#type-revoked_cert.serial" class="anchor"></a><code><span>serial : string;</span></code></li><li id="type-revoked_cert.date" class="def record field anchored"><a href="#type-revoked_cert.date" class="anchor"></a><code><span>date : <span class="xref-unresolved">Ptime</span>.t;</span></code></li><li id="type-revoked_cert.extensions" class="def record field anchored"><a href="#type-revoked_cert.extensions" class="anchor"></a><code><span>extensions : <span class="xref-unresolved">X509</span>.Extension.t;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-reason"><a href="#val-reason" class="anchor"></a><code><span><span class="keyword">val</span> reason : <span><a href="#type-revoked_cert">revoked_cert</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">X509</span>.Extension.reason option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-revoked_certificates"><a href="#val-revoked_certificates" class="anchor"></a><code><span><span class="keyword">val</span> revoked_certificates : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-revoked_cert">revoked_cert</a> list</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-extensions"><a href="#val-extensions" class="anchor"></a><code><span><span class="keyword">val</span> extensions : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">X509</span>.Extension.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-crl_number"><a href="#val-crl_number" class="anchor"></a><code><span><span class="keyword">val</span> crl_number : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span>int option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-signature_algorithm"><a href="#val-signature_algorithm" class="anchor"></a><code><span><span class="keyword">val</span> signature_algorithm : 
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span class="xref-unresolved">X509</span>.Key_type.signature_scheme * <span class="xref-unresolved">Digestif</span>.hash')</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-validate"><a href="#val-validate" class="anchor"></a><code><span><span class="keyword">val</span> validate : 
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?allowed_hashes</span>:<span><span class="xref-unresolved">Digestif</span>.hash' list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Public_key.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(unit, <span>[&gt; <span class="xref-unresolved">X509</span>.Validation.signature_error ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-verification_error"><a href="#type-verification_error" class="anchor"></a><code><span><span class="keyword">type</span> verification_error</span><span> = </span><span>[ </span></code><ol><li id="type-verification_error.Bad_encoding" class="def variant constructor anchored"><a href="#type-verification_error.Bad_encoding" class="anchor"></a><code><span>| </span><span>`Bad_encoding <span class="keyword">of</span> <span class="xref-unresolved">X509</span>.Distinguished_name.t * string * string</span></code></li><li id="type-verification_error.Bad_signature" class="def variant constructor anchored"><a href="#type-verification_error.Bad_signature" class="anchor"></a><code><span>| </span><span>`Bad_signature <span class="keyword">of</span> <span class="xref-unresolved">X509</span>.Distinguished_name.t * string</span></code></li><li id="type-verification_error.Hash_not_allowed" class="def variant constructor anchored"><a href="#type-verification_error.Hash_not_allowed" class="anchor"></a><code><span>| </span><span>`Hash_not_allowed <span class="keyword">of</span>
+  <span class="xref-unresolved">X509</span>.Distinguished_name.t
+  * <span>[ `MD5 <span>| `SHA1</span> <span>| `SHA224</span> <span>| `SHA256</span> <span>| `SHA384</span> <span>| `SHA512</span> ]</span></span></code></li><li id="type-verification_error.Issuer_subject_mismatch" class="def variant constructor anchored"><a href="#type-verification_error.Issuer_subject_mismatch" class="anchor"></a><code><span>| </span><span>`Issuer_subject_mismatch <span class="keyword">of</span>
+  <span class="xref-unresolved">X509</span>.Distinguished_name.t * <span class="xref-unresolved">X509</span>.Distinguished_name.t</span></code></li><li id="type-verification_error.Msg" class="def variant constructor anchored"><a href="#type-verification_error.Msg" class="anchor"></a><code><span>| </span><span>`Msg <span class="keyword">of</span> string</span></code></li><li id="type-verification_error.Next_update_scheduled" class="def variant constructor anchored"><a href="#type-verification_error.Next_update_scheduled" class="anchor"></a><code><span>| </span><span>`Next_update_scheduled <span class="keyword">of</span> <span class="xref-unresolved">X509</span>.Distinguished_name.t * <span class="xref-unresolved">Ptime</span>.t * <span class="xref-unresolved">Ptime</span>.t</span></code></li><li id="type-verification_error.Not_yet_valid" class="def variant constructor anchored"><a href="#type-verification_error.Not_yet_valid" class="anchor"></a><code><span>| </span><span>`Not_yet_valid <span class="keyword">of</span> <span class="xref-unresolved">X509</span>.Distinguished_name.t * <span class="xref-unresolved">Ptime</span>.t * <span class="xref-unresolved">Ptime</span>.t</span></code></li><li id="type-verification_error.Unsupported_algorithm" class="def variant constructor anchored"><a href="#type-verification_error.Unsupported_algorithm" class="anchor"></a><code><span>| </span><span>`Unsupported_algorithm <span class="keyword">of</span> <span class="xref-unresolved">X509</span>.Distinguished_name.t * string</span></code></li><li id="type-verification_error.Unsupported_keytype" class="def variant constructor anchored"><a href="#type-verification_error.Unsupported_keytype" class="anchor"></a><code><span>| </span><span>`Unsupported_keytype <span class="keyword">of</span> <span class="xref-unresolved">X509</span>.Distinguished_name.t * <span class="xref-unresolved">X509</span>.Public_key.t</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_verification_error"><a href="#val-pp_verification_error" class="anchor"></a><code><span><span class="keyword">val</span> pp_verification_error : <span><a href="#type-verification_error">verification_error</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-verify"><a href="#val-verify" class="anchor"></a><code><span><span class="keyword">val</span> verify : 
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?allowed_hashes</span>:<span><span class="xref-unresolved">Digestif</span>.hash' list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?time</span>:<span class="xref-unresolved">Ptime</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Certificate.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(unit, <span>[&gt; <a href="#type-verification_error">verification_error</a> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-is_revoked"><a href="#val-is_revoked" class="anchor"></a><code><span><span class="keyword">val</span> is_revoked : 
+  <span><span class="optlabel">?allowed_hashes</span>:<span><span class="xref-unresolved">Digestif</span>.hash' list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">issuer</span>:<span class="xref-unresolved">X509</span>.Certificate.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">cert</span>:<span class="xref-unresolved">X509</span>.Certificate.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span><a href="#type-t">t</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_der"><a href="#val-decode_der" class="anchor"></a><code><span><span class="keyword">val</span> decode_der : <span><span class="label">contents</span>:string <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-revoke"><a href="#val-revoke" class="anchor"></a><code><span><span class="keyword">val</span> revoke : 
+  <span><span class="optlabel">?digest</span>:<span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">issuer</span>:<a href="../Distinguished_name/index.html#type-t">Distinguished_name.t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">this_update</span>:<span class="xref-unresolved">Ptime</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?next_update</span>:<span class="xref-unresolved">Ptime</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?extensions</span>:<span class="xref-unresolved">Extension</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span><a href="#type-revoked_cert">revoked_cert</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Private_key/index.html#type-t">Private_key.t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-revoke_certificate"><a href="#val-revoke_certificate" class="anchor"></a><code><span><span class="keyword">val</span> revoke_certificate : 
+  <span><a href="#type-revoked_cert">revoked_cert</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">this_update</span>:<span class="xref-unresolved">Ptime</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?next_update</span>:<span class="xref-unresolved">Ptime</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Private_key/index.html#type-t">Private_key.t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-revoke_certificates"><a href="#val-revoke_certificates" class="anchor"></a><code><span><span class="keyword">val</span> revoke_certificates : 
+  <span><span><a href="#type-revoked_cert">revoked_cert</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">this_update</span>:<span class="xref-unresolved">Ptime</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?next_update</span>:<span class="xref-unresolved">Ptime</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Private_key/index.html#type-t">Private_key.t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-of_pem_dir"><a href="#val-of_pem_dir" class="anchor"></a><code><span><span class="keyword">val</span> of_pem_dir : <span><span class="label">directory</span>:<span class="xref-unresolved">Core</span>.Filename.t <span class="arrow">&#45;&gt;</span></span> <span><span><a href="#type-t">t</a> list</span> <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/X509_async/Certificate/index.html b/doc/tls-async/Tls_async/X509_async/Certificate/index.html
new file mode 100644
index 00000000..c0e7b46d
--- /dev/null
+++ b/doc/tls-async/Tls_async/X509_async/Certificate/index.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Certificate (tls-async.Tls_async.X509_async.Certificate)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls-async</a> &#x00BB; <a href="../../index.html">Tls_async</a> &#x00BB; <a href="../index.html">X509_async</a> &#x00BB; Certificate</nav><header class="odoc-preamble"><h1>Module <code><span>X509_async.Certificate</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-decode_pkcs1_digest_info"><a href="#val-decode_pkcs1_digest_info" class="anchor"></a><code><span><span class="keyword">val</span> decode_pkcs1_digest_info : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span>[ `MD5 <span>| `SHA1</span> <span>| `SHA224</span> <span>| `SHA256</span> <span>| `SHA384</span> <span>| `SHA512</span> ]</span> * string,
+    <span>[&gt; <span>`Msg of string</span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_pkcs1_digest_info"><a href="#val-encode_pkcs1_digest_info" class="anchor"></a><code><span><span class="keyword">val</span> encode_pkcs1_digest_info : 
+  <span><span>(<span>[ `MD5 <span>| `SHA1</span> <span>| `SHA224</span> <span>| `SHA256</span> <span>| `SHA384</span> <span>| `SHA512</span> ]</span> * string)</span> <span class="arrow">&#45;&gt;</span></span>
+  string</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = <span class="xref-unresolved">X509</span>.Certificate.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp"><a href="#val-pp" class="anchor"></a><code><span><span class="keyword">val</span> pp : <span><a href="#type-t">t</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_der"><a href="#val-encode_der" class="anchor"></a><code><span><span class="keyword">val</span> encode_der : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-fold_decode_pem_multiple"><a href="#val-fold_decode_pem_multiple" class="anchor"></a><code><span><span class="keyword">val</span> fold_decode_pem_multiple : 
+  <span><span>(<span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span> <span><span><span>(<a href="#type-t">t</a>, <span>[&gt; <span>`Msg of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="arrow">&#45;&gt;</span></span> <span class="type-var">'a</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span class="type-var">'a</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_pem_multiple"><a href="#val-encode_pem_multiple" class="anchor"></a><code><span><span class="keyword">val</span> encode_pem_multiple : <span><span><a href="#type-t">t</a> list</span> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_pem"><a href="#val-encode_pem" class="anchor"></a><code><span><span class="keyword">val</span> encode_pem : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-supports_keytype"><a href="#val-supports_keytype" class="anchor"></a><code><span><span class="keyword">val</span> supports_keytype : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">X509</span>.Key_type.t <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-public_key"><a href="#val-public_key" class="anchor"></a><code><span><span class="keyword">val</span> public_key : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">X509</span>.Public_key.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-signature_algorithm"><a href="#val-signature_algorithm" class="anchor"></a><code><span><span class="keyword">val</span> signature_algorithm : 
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span class="xref-unresolved">X509</span>.Key_type.signature_scheme * <span class="xref-unresolved">Digestif</span>.hash')</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-hostnames"><a href="#val-hostnames" class="anchor"></a><code><span><span class="keyword">val</span> hostnames : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">X509</span>.Host.Set.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-supports_hostname"><a href="#val-supports_hostname" class="anchor"></a><code><span><span class="keyword">val</span> supports_hostname : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ips"><a href="#val-ips" class="anchor"></a><code><span><span class="keyword">val</span> ips : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">Ipaddr</span>.Set.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-supports_ip"><a href="#val-supports_ip" class="anchor"></a><code><span><span class="keyword">val</span> supports_ip : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Ipaddr</span>.t <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-fingerprint"><a href="#val-fingerprint" class="anchor"></a><code><span><span class="keyword">val</span> fingerprint : <span><span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-subject"><a href="#val-subject" class="anchor"></a><code><span><span class="keyword">val</span> subject : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">X509</span>.Distinguished_name.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-issuer"><a href="#val-issuer" class="anchor"></a><code><span><span class="keyword">val</span> issuer : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">X509</span>.Distinguished_name.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-serial"><a href="#val-serial" class="anchor"></a><code><span><span class="keyword">val</span> serial : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-validity"><a href="#val-validity" class="anchor"></a><code><span><span class="keyword">val</span> validity : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">Ptime</span>.t * <span class="xref-unresolved">Ptime</span>.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-extensions"><a href="#val-extensions" class="anchor"></a><code><span><span class="keyword">val</span> extensions : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">X509</span>.Extension.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_pem_multiple"><a href="#val-decode_pem_multiple" class="anchor"></a><code><span><span class="keyword">val</span> decode_pem_multiple : <span><span class="label">contents</span>:string <span class="arrow">&#45;&gt;</span></span> <span><span><a href="#type-t">t</a> list</span> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_pem"><a href="#val-decode_pem" class="anchor"></a><code><span><span class="keyword">val</span> decode_pem : <span><span class="label">contents</span>:string <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_der"><a href="#val-decode_der" class="anchor"></a><code><span><span class="keyword">val</span> decode_der : <span><span class="label">contents</span>:string <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-of_pem_file"><a href="#val-of_pem_file" class="anchor"></a><code><span><span class="keyword">val</span> of_pem_file : <span><span class="xref-unresolved">Core</span>.Filename.t <span class="arrow">&#45;&gt;</span></span> <span><span><a href="#type-t">t</a> list</span> <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-of_pem_directory"><a href="#val-of_pem_directory" class="anchor"></a><code><span><span class="keyword">val</span> of_pem_directory : 
+  <span><span class="label">directory</span>:<span class="xref-unresolved">Core</span>.Filename.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span><a href="#type-t">t</a> list</span> <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/X509_async/Distinguished_name/index.html b/doc/tls-async/Tls_async/X509_async/Distinguished_name/index.html
new file mode 100644
index 00000000..9b884819
--- /dev/null
+++ b/doc/tls-async/Tls_async/X509_async/Distinguished_name/index.html
@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Distinguished_name (tls-async.Tls_async.X509_async.Distinguished_name)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls-async</a> &#x00BB; <a href="../../index.html">Tls_async</a> &#x00BB; <a href="../index.html">X509_async</a> &#x00BB; Distinguished_name</nav><header class="odoc-preamble"><h1>Module <code><span>X509_async.Distinguished_name</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-attribute"><a href="#type-attribute" class="anchor"></a><code><span><span class="keyword">type</span> attribute</span><span> = <span class="xref-unresolved">X509</span>.Distinguished_name.attribute</span><span> = </span></code><ol><li id="type-attribute.CN" class="def variant constructor anchored"><a href="#type-attribute.CN" class="anchor"></a><code><span>| </span><span><span class="constructor">CN</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.Serialnumber" class="def variant constructor anchored"><a href="#type-attribute.Serialnumber" class="anchor"></a><code><span>| </span><span><span class="constructor">Serialnumber</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.C" class="def variant constructor anchored"><a href="#type-attribute.C" class="anchor"></a><code><span>| </span><span><span class="constructor">C</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.L" class="def variant constructor anchored"><a href="#type-attribute.L" class="anchor"></a><code><span>| </span><span><span class="constructor">L</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.ST" class="def variant constructor anchored"><a href="#type-attribute.ST" class="anchor"></a><code><span>| </span><span><span class="constructor">ST</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.O" class="def variant constructor anchored"><a href="#type-attribute.O" class="anchor"></a><code><span>| </span><span><span class="constructor">O</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.OU" class="def variant constructor anchored"><a href="#type-attribute.OU" class="anchor"></a><code><span>| </span><span><span class="constructor">OU</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.T" class="def variant constructor anchored"><a href="#type-attribute.T" class="anchor"></a><code><span>| </span><span><span class="constructor">T</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.DNQ" class="def variant constructor anchored"><a href="#type-attribute.DNQ" class="anchor"></a><code><span>| </span><span><span class="constructor">DNQ</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.Mail" class="def variant constructor anchored"><a href="#type-attribute.Mail" class="anchor"></a><code><span>| </span><span><span class="constructor">Mail</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.DC" class="def variant constructor anchored"><a href="#type-attribute.DC" class="anchor"></a><code><span>| </span><span><span class="constructor">DC</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.Given_name" class="def variant constructor anchored"><a href="#type-attribute.Given_name" class="anchor"></a><code><span>| </span><span><span class="constructor">Given_name</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.Surname" class="def variant constructor anchored"><a href="#type-attribute.Surname" class="anchor"></a><code><span>| </span><span><span class="constructor">Surname</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.Initials" class="def variant constructor anchored"><a href="#type-attribute.Initials" class="anchor"></a><code><span>| </span><span><span class="constructor">Initials</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.Pseudonym" class="def variant constructor anchored"><a href="#type-attribute.Pseudonym" class="anchor"></a><code><span>| </span><span><span class="constructor">Pseudonym</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.Generation" class="def variant constructor anchored"><a href="#type-attribute.Generation" class="anchor"></a><code><span>| </span><span><span class="constructor">Generation</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.Street" class="def variant constructor anchored"><a href="#type-attribute.Street" class="anchor"></a><code><span>| </span><span><span class="constructor">Street</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.Userid" class="def variant constructor anchored"><a href="#type-attribute.Userid" class="anchor"></a><code><span>| </span><span><span class="constructor">Userid</span> <span class="keyword">of</span> string</span></code></li><li id="type-attribute.Other" class="def variant constructor anchored"><a href="#type-attribute.Other" class="anchor"></a><code><span>| </span><span><span class="constructor">Other</span> <span class="keyword">of</span> <span class="xref-unresolved">Asn</span>.oid * string</span></code></li></ol></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Relative_distinguished_name"><a href="#module-Relative_distinguished_name" class="anchor"></a><code><span><span class="keyword">module</span> Relative_distinguished_name</span><span> =
+  <span class="xref-unresolved">X509</span>.Distinguished_name.Relative_distinguished_name</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = <span><span class="xref-unresolved">Relative_distinguished_name</span>.t list</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-equal"><a href="#val-equal" class="anchor"></a><code><span><span class="keyword">val</span> equal : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-make_pp"><a href="#val-make_pp" class="anchor"></a><code><span><span class="keyword">val</span> make_pp : 
+  <span><span class="label">format</span>:<span>[ `OSF <span>| `OpenSSL</span> <span>| `RFC4514</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?spacing</span>:<span>[ `Loose <span>| `Medium</span> <span>| `Tight</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>unit <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp"><a href="#val-pp" class="anchor"></a><code><span><span class="keyword">val</span> pp : <span><a href="#type-t">t</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-common_name"><a href="#val-common_name" class="anchor"></a><code><span><span class="keyword">val</span> common_name : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span>string option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_der"><a href="#val-encode_der" class="anchor"></a><code><span><span class="keyword">val</span> encode_der : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_der"><a href="#val-decode_der" class="anchor"></a><code><span><span class="keyword">val</span> decode_der : <span><span class="label">contents</span>:string <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/X509_async/OCSP/Request/index.html b/doc/tls-async/Tls_async/X509_async/OCSP/Request/index.html
new file mode 100644
index 00000000..307fb720
--- /dev/null
+++ b/doc/tls-async/Tls_async/X509_async/OCSP/Request/index.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Request (tls-async.Tls_async.X509_async.OCSP.Request)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../../index.html">tls-async</a> &#x00BB; <a href="../../../index.html">Tls_async</a> &#x00BB; <a href="../../index.html">X509_async</a> &#x00BB; <a href="../index.html">OCSP</a> &#x00BB; Request</nav><header class="odoc-preamble"><h1>Module <code><span>OCSP.Request</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = <span class="xref-unresolved">X509</span>.OCSP.Request.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp"><a href="#val-pp" class="anchor"></a><code><span><span class="keyword">val</span> pp : <span><a href="#type-t">t</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-validate"><a href="#val-validate" class="anchor"></a><code><span><span class="keyword">val</span> validate : 
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?allowed_hashes</span>:<span><span class="xref-unresolved">Digestif</span>.hash' list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Public_key.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(unit,
+    <span>[&gt; <span>`Bad_encoding of <span class="xref-unresolved">X509</span>.Distinguished_name.t * string * string</span>
+    <span><span>| `Bad_signature</span> of <span class="xref-unresolved">X509</span>.Distinguished_name.t * string</span>
+    <span><span>| `Hash_not_allowed</span> of
+      <span class="xref-unresolved">X509</span>.Distinguished_name.t
+      * <span>[ `MD5 <span>| `SHA1</span> <span>| `SHA224</span> <span>| `SHA256</span> <span>| `SHA384</span> <span>| `SHA512</span> ]</span></span>
+    <span><span>| `Msg</span> of string</span>
+    <span>| `No_signature</span>
+    <span><span>| `Unsupported_algorithm</span> of <span class="xref-unresolved">X509</span>.Distinguished_name.t * string</span>
+    <span><span>| `Unsupported_keytype</span> of <span class="xref-unresolved">X509</span>.Distinguished_name.t * <span class="xref-unresolved">X509</span>.Public_key.t</span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-requestor_name"><a href="#val-requestor_name" class="anchor"></a><code><span><span class="keyword">val</span> requestor_name : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">X509</span>.General_name.b option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-cert_ids"><a href="#val-cert_ids" class="anchor"></a><code><span><span class="keyword">val</span> cert_ids : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">X509</span>.OCSP.cert_id list</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_der"><a href="#val-encode_der" class="anchor"></a><code><span><span class="keyword">val</span> encode_der : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-create"><a href="#val-create" class="anchor"></a><code><span><span class="keyword">val</span> create : 
+  <span><span class="optlabel">?certs</span>:<span><a href="../../Certificate/index.html#type-t">Certificate.t</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?digest</span>:<span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?requestor_name</span>:<span class="xref-unresolved">General_name</span>.b <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?key</span>:<a href="../../Private_key/index.html#type-t">Private_key.t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><a href="../index.html#type-cert_id">cert_id</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_der"><a href="#val-decode_der" class="anchor"></a><code><span><span class="keyword">val</span> decode_der : <span><span class="label">contents</span>:string <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/X509_async/OCSP/Response/index.html b/doc/tls-async/Tls_async/X509_async/OCSP/Response/index.html
new file mode 100644
index 00000000..40e98e04
--- /dev/null
+++ b/doc/tls-async/Tls_async/X509_async/OCSP/Response/index.html
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Response (tls-async.Tls_async.X509_async.OCSP.Response)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../../index.html">tls-async</a> &#x00BB; <a href="../../../index.html">Tls_async</a> &#x00BB; <a href="../../index.html">X509_async</a> &#x00BB; <a href="../index.html">OCSP</a> &#x00BB; Response</nav><header class="odoc-preamble"><h1>Module <code><span>OCSP.Response</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-status"><a href="#type-status" class="anchor"></a><code><span><span class="keyword">type</span> status</span><span> = </span><span>[ </span></code><ol><li id="type-status.InternalError" class="def variant constructor anchored"><a href="#type-status.InternalError" class="anchor"></a><code><span>| </span><span>`InternalError</span></code></li><li id="type-status.MalformedRequest" class="def variant constructor anchored"><a href="#type-status.MalformedRequest" class="anchor"></a><code><span>| </span><span>`MalformedRequest</span></code></li><li id="type-status.SigRequired" class="def variant constructor anchored"><a href="#type-status.SigRequired" class="anchor"></a><code><span>| </span><span>`SigRequired</span></code></li><li id="type-status.Successful" class="def variant constructor anchored"><a href="#type-status.Successful" class="anchor"></a><code><span>| </span><span>`Successful</span></code></li><li id="type-status.TryLater" class="def variant constructor anchored"><a href="#type-status.TryLater" class="anchor"></a><code><span>| </span><span>`TryLater</span></code></li><li id="type-status.Unauthorized" class="def variant constructor anchored"><a href="#type-status.Unauthorized" class="anchor"></a><code><span>| </span><span>`Unauthorized</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_status"><a href="#val-pp_status" class="anchor"></a><code><span><span class="keyword">val</span> pp_status : <span><a href="#type-status">status</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-cert_status"><a href="#type-cert_status" class="anchor"></a><code><span><span class="keyword">type</span> cert_status</span><span> = </span><span>[ </span></code><ol><li id="type-cert_status.Good" class="def variant constructor anchored"><a href="#type-cert_status.Good" class="anchor"></a><code><span>| </span><span>`Good</span></code></li><li id="type-cert_status.Revoked" class="def variant constructor anchored"><a href="#type-cert_status.Revoked" class="anchor"></a><code><span>| </span><span>`Revoked <span class="keyword">of</span> <span class="xref-unresolved">Ptime</span>.t * <span><span class="xref-unresolved">X509</span>.Extension.reason option</span></span></code></li><li id="type-cert_status.Unknown" class="def variant constructor anchored"><a href="#type-cert_status.Unknown" class="anchor"></a><code><span>| </span><span>`Unknown</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_cert_status"><a href="#val-pp_cert_status" class="anchor"></a><code><span><span class="keyword">val</span> pp_cert_status : <span><a href="#type-cert_status">cert_status</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-single_response"><a href="#type-single_response" class="anchor"></a><code><span><span class="keyword">type</span> single_response</span><span> = <span class="xref-unresolved">X509</span>.OCSP.Response.single_response</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-create_single_response"><a href="#val-create_single_response" class="anchor"></a><code><span><span class="keyword">val</span> create_single_response : 
+  <span><span class="optlabel">?next_update</span>:<span class="xref-unresolved">Ptime</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?single_extensions</span>:<span class="xref-unresolved">X509</span>.Extension.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.OCSP.cert_id <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-cert_status">cert_status</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Ptime</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <a href="#type-single_response">single_response</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_single_response"><a href="#val-pp_single_response" class="anchor"></a><code><span><span class="keyword">val</span> pp_single_response : <span><a href="#type-single_response">single_response</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-single_response_cert_id"><a href="#val-single_response_cert_id" class="anchor"></a><code><span><span class="keyword">val</span> single_response_cert_id : <span><a href="#type-single_response">single_response</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">X509</span>.OCSP.cert_id</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-single_response_status"><a href="#val-single_response_status" class="anchor"></a><code><span><span class="keyword">val</span> single_response_status : <span><a href="#type-single_response">single_response</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-cert_status">cert_status</a></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-responder_id"><a href="#type-responder_id" class="anchor"></a><code><span><span class="keyword">type</span> responder_id</span><span> = </span><span>[ </span></code><ol><li id="type-responder_id.ByKey" class="def variant constructor anchored"><a href="#type-responder_id.ByKey" class="anchor"></a><code><span>| </span><span>`ByKey <span class="keyword">of</span> string</span></code></li><li id="type-responder_id.ByName" class="def variant constructor anchored"><a href="#type-responder_id.ByName" class="anchor"></a><code><span>| </span><span>`ByName <span class="keyword">of</span> <span class="xref-unresolved">X509</span>.Distinguished_name.t</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-create_responder_id"><a href="#val-create_responder_id" class="anchor"></a><code><span><span class="keyword">val</span> create_responder_id : <span><span class="xref-unresolved">X509</span>.Public_key.t <span class="arrow">&#45;&gt;</span></span> <a href="#type-responder_id">responder_id</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_responder_id"><a href="#val-pp_responder_id" class="anchor"></a><code><span><span class="keyword">val</span> pp_responder_id : <span><a href="#type-responder_id">responder_id</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = <span class="xref-unresolved">X509</span>.OCSP.Response.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-create"><a href="#val-create" class="anchor"></a><code><span><span class="keyword">val</span> create : 
+  <span><span>[ `InternalError
+  <span>| `MalformedRequest</span>
+  <span>| `SigRequired</span>
+  <span>| `TryLater</span>
+  <span>| `Unauthorized</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp"><a href="#val-pp" class="anchor"></a><code><span><span class="keyword">val</span> pp : <span><a href="#type-t">t</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-status"><a href="#val-status" class="anchor"></a><code><span><span class="keyword">val</span> status : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-status">status</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-responder_id"><a href="#val-responder_id" class="anchor"></a><code><span><span class="keyword">val</span> responder_id : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span>(<a href="#type-responder_id">responder_id</a>, <span>[&gt; <span>`Msg of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_der"><a href="#val-encode_der" class="anchor"></a><code><span><span class="keyword">val</span> encode_der : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-validate"><a href="#val-validate" class="anchor"></a><code><span><span class="keyword">val</span> validate : 
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?allowed_hashes</span>:<span><span class="xref-unresolved">Digestif</span>.hash' list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?now</span>:<span class="xref-unresolved">Ptime</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Public_key.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(unit,
+    <span>[&gt; <span>`Bad_encoding of <span class="xref-unresolved">X509</span>.Distinguished_name.t * string * string</span>
+    <span><span>| `Bad_signature</span> of <span class="xref-unresolved">X509</span>.Distinguished_name.t * string</span>
+    <span><span>| `Hash_not_allowed</span> of
+      <span class="xref-unresolved">X509</span>.Distinguished_name.t
+      * <span>[ `MD5 <span>| `SHA1</span> <span>| `SHA224</span> <span>| `SHA256</span> <span>| `SHA384</span> <span>| `SHA512</span> ]</span></span>
+    <span><span>| `Msg</span> of string</span>
+    <span>| `No_signature</span>
+    <span>| `Time_invalid</span>
+    <span><span>| `Unsupported_algorithm</span> of <span class="xref-unresolved">X509</span>.Distinguished_name.t * string</span>
+    <span><span>| `Unsupported_keytype</span> of <span class="xref-unresolved">X509</span>.Distinguished_name.t * <span class="xref-unresolved">X509</span>.Public_key.t</span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-create_success"><a href="#val-create_success" class="anchor"></a><code><span><span class="keyword">val</span> create_success : 
+  <span><span class="optlabel">?digest</span>:<span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?certs</span>:<span><a href="../../Certificate/index.html#type-t">Certificate.t</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?response_extensions</span>:<span class="xref-unresolved">Extension</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../../Private_key/index.html#type-t">Private_key.t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-responder_id">responder_id</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Ptime</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span><a href="#type-single_response">single_response</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-responses"><a href="#val-responses" class="anchor"></a><code><span><span class="keyword">val</span> responses : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span><a href="#type-single_response">single_response</a> list</span> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_der"><a href="#val-decode_der" class="anchor"></a><code><span><span class="keyword">val</span> decode_der : <span><span class="label">contents</span>:string <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/X509_async/OCSP/index.html b/doc/tls-async/Tls_async/X509_async/OCSP/index.html
new file mode 100644
index 00000000..8208e7d3
--- /dev/null
+++ b/doc/tls-async/Tls_async/X509_async/OCSP/index.html
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>OCSP (tls-async.Tls_async.X509_async.OCSP)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls-async</a> &#x00BB; <a href="../../index.html">Tls_async</a> &#x00BB; <a href="../index.html">X509_async</a> &#x00BB; OCSP</nav><header class="odoc-preamble"><h1>Module <code><span>X509_async.OCSP</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-cert_id"><a href="#type-cert_id" class="anchor"></a><code><span><span class="keyword">type</span> cert_id</span><span> = <span class="xref-unresolved">X509</span>.OCSP.cert_id</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-create_cert_id"><a href="#val-create_cert_id" class="anchor"></a><code><span><span class="keyword">val</span> create_cert_id : 
+  <span><span class="optlabel">?hash</span>:<span>[ `MD5 <span>| `SHA1</span> <span>| `SHA224</span> <span>| `SHA256</span> <span>| `SHA384</span> <span>| `SHA512</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Certificate.t <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <a href="#type-cert_id">cert_id</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-cert_id_serial"><a href="#val-cert_id_serial" class="anchor"></a><code><span><span class="keyword">val</span> cert_id_serial : <span><a href="#type-cert_id">cert_id</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_cert_id"><a href="#val-pp_cert_id" class="anchor"></a><code><span><span class="keyword">val</span> pp_cert_id : <span><a href="#type-cert_id">cert_id</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Request"><a href="#module-Request" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Request/index.html">Request</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Response"><a href="#module-Response" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Response/index.html">Response</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/X509_async/PKCS12/index.html b/doc/tls-async/Tls_async/X509_async/PKCS12/index.html
new file mode 100644
index 00000000..8c7063fa
--- /dev/null
+++ b/doc/tls-async/Tls_async/X509_async/PKCS12/index.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>PKCS12 (tls-async.Tls_async.X509_async.PKCS12)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls-async</a> &#x00BB; <a href="../../index.html">Tls_async</a> &#x00BB; <a href="../index.html">X509_async</a> &#x00BB; PKCS12</nav><header class="odoc-preamble"><h1>Module <code><span>X509_async.PKCS12</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = <span class="xref-unresolved">X509</span>.PKCS12.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_der"><a href="#val-encode_der" class="anchor"></a><code><span><span class="keyword">val</span> encode_der : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-create"><a href="#val-create" class="anchor"></a><code><span><span class="keyword">val</span> create : 
+  <span><span class="optlabel">?mac</span>:<span>[ `SHA1 <span>| `SHA224</span> <span>| `SHA256</span> <span>| `SHA384</span> <span>| `SHA512</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?algorithm</span>:<span>[ `AES128_CBC <span>| `AES192_CBC</span> <span>| `AES256_CBC</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?iterations</span>:int <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span class="xref-unresolved">X509</span>.Certificate.t list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Private_key.t <span class="arrow">&#45;&gt;</span></span>
+  <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_der"><a href="#val-decode_der" class="anchor"></a><code><span><span class="keyword">val</span> decode_der : <span><span class="label">contents</span>:string <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-verify"><a href="#val-verify" class="anchor"></a><code><span><span class="keyword">val</span> verify : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>[ <span>`Certificate of <a href="../Certificate/index.html#type-t">Certificate.t</a></span>
+  <span><span>| `Crl</span> of <a href="../CRL/index.html#type-t">CRL.t</a></span>
+  <span><span>| `Decrypted_private_key</span> of <a href="../Private_key/index.html#type-t">Private_key.t</a></span>
+  <span><span>| `Private_key</span> of <a href="../Private_key/index.html#type-t">Private_key.t</a></span> ]</span>
+    list</span>
+    <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/X509_async/Private_key/index.html b/doc/tls-async/Tls_async/X509_async/Private_key/index.html
new file mode 100644
index 00000000..4bf073a6
--- /dev/null
+++ b/doc/tls-async/Tls_async/X509_async/Private_key/index.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Private_key (tls-async.Tls_async.X509_async.Private_key)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls-async</a> &#x00BB; <a href="../../index.html">Tls_async</a> &#x00BB; <a href="../index.html">X509_async</a> &#x00BB; Private_key</nav><header class="odoc-preamble"><h1>Module <code><span>X509_async.Private_key</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = </span><span>[ </span></code><ol><li id="type-t.ED25519" class="def variant constructor anchored"><a href="#type-t.ED25519" class="anchor"></a><code><span>| </span><span>`ED25519 <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_ec</span>.Ed25519.priv</span></code></li><li id="type-t.P256" class="def variant constructor anchored"><a href="#type-t.P256" class="anchor"></a><code><span>| </span><span>`P256 <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_ec</span>.P256.Dsa.priv</span></code></li><li id="type-t.P384" class="def variant constructor anchored"><a href="#type-t.P384" class="anchor"></a><code><span>| </span><span>`P384 <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_ec</span>.P384.Dsa.priv</span></code></li><li id="type-t.P521" class="def variant constructor anchored"><a href="#type-t.P521" class="anchor"></a><code><span>| </span><span>`P521 <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_ec</span>.P521.Dsa.priv</span></code></li><li id="type-t.RSA" class="def variant constructor anchored"><a href="#type-t.RSA" class="anchor"></a><code><span>| </span><span>`RSA <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_pk</span>.Rsa.priv</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-generate"><a href="#val-generate" class="anchor"></a><code><span><span class="keyword">val</span> generate : <span><span class="optlabel">?seed</span>:string <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?bits</span>:int <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">X509</span>.Key_type.t <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-of_octets"><a href="#val-of_octets" class="anchor"></a><code><span><span class="keyword">val</span> of_octets : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Key_type.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="#type-t">t</a>, <span>[&gt; <span>`Msg of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-of_string"><a href="#val-of_string" class="anchor"></a><code><span><span class="keyword">val</span> of_string : 
+  <span><span class="optlabel">?seed_or_data</span>:<span>[ `Data <span>| `Seed</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?bits</span>:int <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Key_type.t <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="#type-t">t</a>, <span>[&gt; <span>`Msg of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-key_type"><a href="#val-key_type" class="anchor"></a><code><span><span class="keyword">val</span> key_type : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">X509</span>.Key_type.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-public"><a href="#val-public" class="anchor"></a><code><span><span class="keyword">val</span> public : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">X509</span>.Public_key.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_der"><a href="#val-encode_der" class="anchor"></a><code><span><span class="keyword">val</span> encode_der : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_pem"><a href="#val-encode_pem" class="anchor"></a><code><span><span class="keyword">val</span> encode_pem : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-sign"><a href="#val-sign" class="anchor"></a><code><span><span class="keyword">val</span> sign : 
+  <span><span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?scheme</span>:<span class="xref-unresolved">Key_type</span>.signature_scheme <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[ <span>`Digest of string</span> <span><span>| `Message</span> of string</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_der"><a href="#val-decode_der" class="anchor"></a><code><span><span class="keyword">val</span> decode_der : <span><span class="label">contents</span>:string <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_pem"><a href="#val-decode_pem" class="anchor"></a><code><span><span class="keyword">val</span> decode_pem : <span><span class="label">contents</span>:string <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-of_pem_file"><a href="#val-of_pem_file" class="anchor"></a><code><span><span class="keyword">val</span> of_pem_file : <span><span class="xref-unresolved">Core</span>.Filename.t <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/X509_async/Public_key/index.html b/doc/tls-async/Tls_async/X509_async/Public_key/index.html
new file mode 100644
index 00000000..0a755eab
--- /dev/null
+++ b/doc/tls-async/Tls_async/X509_async/Public_key/index.html
@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Public_key (tls-async.Tls_async.X509_async.Public_key)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls-async</a> &#x00BB; <a href="../../index.html">Tls_async</a> &#x00BB; <a href="../index.html">X509_async</a> &#x00BB; Public_key</nav><header class="odoc-preamble"><h1>Module <code><span>X509_async.Public_key</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = </span><span>[ </span></code><ol><li id="type-t.ED25519" class="def variant constructor anchored"><a href="#type-t.ED25519" class="anchor"></a><code><span>| </span><span>`ED25519 <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_ec</span>.Ed25519.pub</span></code></li><li id="type-t.P256" class="def variant constructor anchored"><a href="#type-t.P256" class="anchor"></a><code><span>| </span><span>`P256 <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_ec</span>.P256.Dsa.pub</span></code></li><li id="type-t.P384" class="def variant constructor anchored"><a href="#type-t.P384" class="anchor"></a><code><span>| </span><span>`P384 <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_ec</span>.P384.Dsa.pub</span></code></li><li id="type-t.P521" class="def variant constructor anchored"><a href="#type-t.P521" class="anchor"></a><code><span>| </span><span>`P521 <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_ec</span>.P521.Dsa.pub</span></code></li><li id="type-t.RSA" class="def variant constructor anchored"><a href="#type-t.RSA" class="anchor"></a><code><span>| </span><span>`RSA <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_pk</span>.Rsa.pub</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp"><a href="#val-pp" class="anchor"></a><code><span><span class="keyword">val</span> pp : <span><a href="#type-t">t</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-id"><a href="#val-id" class="anchor"></a><code><span><span class="keyword">val</span> id : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-fingerprint"><a href="#val-fingerprint" class="anchor"></a><code><span><span class="keyword">val</span> fingerprint : <span><span class="optlabel">?hash</span>:<span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-key_type"><a href="#val-key_type" class="anchor"></a><code><span><span class="keyword">val</span> key_type : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">X509</span>.Key_type.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_der"><a href="#val-encode_der" class="anchor"></a><code><span><span class="keyword">val</span> encode_der : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_pem"><a href="#val-encode_pem" class="anchor"></a><code><span><span class="keyword">val</span> encode_pem : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-verify"><a href="#val-verify" class="anchor"></a><code><span><span class="keyword">val</span> verify : 
+  <span><span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?scheme</span>:<span class="xref-unresolved">Key_type</span>.signature_scheme <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">signature</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[ <span>`Digest of string</span> <span><span>| `Message</span> of string</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>unit <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_der"><a href="#val-decode_der" class="anchor"></a><code><span><span class="keyword">val</span> decode_der : <span><span class="label">contents</span>:string <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_pem"><a href="#val-decode_pem" class="anchor"></a><code><span><span class="keyword">val</span> decode_pem : <span><span class="label">contents</span>:string <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/X509_async/Signing_request/index.html b/doc/tls-async/Tls_async/X509_async/Signing_request/index.html
new file mode 100644
index 00000000..309af300
--- /dev/null
+++ b/doc/tls-async/Tls_async/X509_async/Signing_request/index.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signing_request (tls-async.Tls_async.X509_async.Signing_request)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls-async</a> &#x00BB; <a href="../../index.html">Tls_async</a> &#x00BB; <a href="../index.html">X509_async</a> &#x00BB; Signing_request</nav><header class="odoc-preamble"><h1>Module <code><span>X509_async.Signing_request</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = <span class="xref-unresolved">X509</span>.Signing_request.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_der"><a href="#val-encode_der" class="anchor"></a><code><span><span class="keyword">val</span> encode_der : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encode_pem"><a href="#val-encode_pem" class="anchor"></a><code><span><span class="keyword">val</span> encode_pem : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Ext"><a href="#module-Ext" class="anchor"></a><code><span><span class="keyword">module</span> Ext</span><span> = <span class="xref-unresolved">X509</span>.Signing_request.Ext</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-request_info"><a href="#type-request_info" class="anchor"></a><code><span><span class="keyword">type</span> request_info</span><span> = <span class="xref-unresolved">X509</span>.Signing_request.request_info</span><span> = </span><span>{</span></code><ol><li id="type-request_info.subject" class="def record field anchored"><a href="#type-request_info.subject" class="anchor"></a><code><span>subject : <span class="xref-unresolved">X509</span>.Distinguished_name.t;</span></code></li><li id="type-request_info.public_key" class="def record field anchored"><a href="#type-request_info.public_key" class="anchor"></a><code><span>public_key : <span class="xref-unresolved">X509</span>.Public_key.t;</span></code></li><li id="type-request_info.extensions" class="def record field anchored"><a href="#type-request_info.extensions" class="anchor"></a><code><span>extensions : <span class="xref-unresolved">Ext</span>.t;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-info"><a href="#val-info" class="anchor"></a><code><span><span class="keyword">val</span> info : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-request_info">request_info</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-signature_algorithm"><a href="#val-signature_algorithm" class="anchor"></a><code><span><span class="keyword">val</span> signature_algorithm : 
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span class="xref-unresolved">X509</span>.Key_type.signature_scheme * <span class="xref-unresolved">Digestif</span>.hash')</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-hostnames"><a href="#val-hostnames" class="anchor"></a><code><span><span class="keyword">val</span> hostnames : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">X509</span>.Host.Set.t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_der"><a href="#val-decode_der" class="anchor"></a><code><span><span class="keyword">val</span> decode_der : 
+  <span><span class="optlabel">?allowed_hashes</span>:<span><span class="xref-unresolved">Digestif</span>.hash' list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decode_pem"><a href="#val-decode_pem" class="anchor"></a><code><span><span class="keyword">val</span> decode_pem : <span>string <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-create"><a href="#val-create" class="anchor"></a><code><span><span class="keyword">val</span> create : 
+  <span><a href="../Distinguished_name/index.html#type-t">Distinguished_name.t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?digest</span>:<span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?extensions</span>:<span class="xref-unresolved">Ext</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Private_key/index.html#type-t">Private_key.t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-sign"><a href="#val-sign" class="anchor"></a><code><span><span class="keyword">val</span> sign : 
+  <span><span class="optlabel">?allowed_hashes</span>:<span><span class="xref-unresolved">Digestif</span>.hash' list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?digest</span>:<span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?serial</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?extensions</span>:<span class="xref-unresolved">Extension</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Private_key/index.html#type-t">Private_key.t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Distinguished_name/index.html#type-t">Distinguished_name.t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">valid_from</span>:<span class="xref-unresolved">Ptime</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">valid_until</span>:<span class="xref-unresolved">Ptime</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Certificate/index.html#type-t">Certificate.t</a> <span class="xref-unresolved">Core</span>.Or_error.t</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/X509_async/index.html b/doc/tls-async/Tls_async/X509_async/index.html
new file mode 100644
index 00000000..5806d8f1
--- /dev/null
+++ b/doc/tls-async/Tls_async/X509_async/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>X509_async (tls-async.Tls_async.X509_async)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls-async</a> &#x00BB; <a href="../index.html">Tls_async</a> &#x00BB; X509_async</nav><header class="odoc-preamble"><h1>Module <code><span>Tls_async.X509_async</span></code></h1><p>Helper functions for <code>Async_unix</code>-specific IO operations commonly used with X509 certificates, such as loading from a Unix filesystem</p></header><div class="odoc-content"><div class="odoc-include"><details open="open"><summary class="spec include"><code><span><span class="keyword">include</span> <span class="keyword">module</span> <span class="keyword">type</span> <span class="keyword">of</span> <span class="keyword">struct</span> <span class="keyword">include</span> <span class="xref-unresolved">X509</span> <span class="keyword">end</span></span></code></summary><div class="odoc-spec"><div class="spec module anchored" id="module-Host"><a href="#module-Host" class="anchor"></a><code><span><span class="keyword">module</span> Host</span><span> = <span class="xref-unresolved">X509</span>.Host</span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Key_type"><a href="#module-Key_type" class="anchor"></a><code><span><span class="keyword">module</span> Key_type</span><span> = <span class="xref-unresolved">X509</span>.Key_type</span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-General_name"><a href="#module-General_name" class="anchor"></a><code><span><span class="keyword">module</span> General_name</span><span> = <span class="xref-unresolved">X509</span>.General_name</span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Extension"><a href="#module-Extension" class="anchor"></a><code><span><span class="keyword">module</span> Extension</span><span> = <span class="xref-unresolved">X509</span>.Extension</span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Validation"><a href="#module-Validation" class="anchor"></a><code><span><span class="keyword">module</span> Validation</span><span> = <span class="xref-unresolved">X509</span>.Validation</span></code></div></div></details></div><div class="odoc-spec"><div class="spec module anchored" id="module-Authenticator"><a href="#module-Authenticator" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Authenticator/index.html">Authenticator</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Private_key"><a href="#module-Private_key" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Private_key/index.html">Private_key</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Public_key"><a href="#module-Public_key" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Public_key/index.html">Public_key</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Certificate"><a href="#module-Certificate" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Certificate/index.html">Certificate</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Distinguished_name"><a href="#module-Distinguished_name" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Distinguished_name/index.html">Distinguished_name</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-CRL"><a href="#module-CRL" class="anchor"></a><code><span><span class="keyword">module</span> <a href="CRL/index.html">CRL</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-OCSP"><a href="#module-OCSP" class="anchor"></a><code><span><span class="keyword">module</span> <a href="OCSP/index.html">OCSP</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-PKCS12"><a href="#module-PKCS12" class="anchor"></a><code><span><span class="keyword">module</span> <a href="PKCS12/index.html">PKCS12</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Signing_request"><a href="#module-Signing_request" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Signing_request/index.html">Signing_request</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div></div></body></html>
diff --git a/doc/tls-async/Tls_async/index.html b/doc/tls-async/Tls_async/index.html
new file mode 100644
index 00000000..b9dc7cc8
--- /dev/null
+++ b/doc/tls-async/Tls_async/index.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Tls_async (tls-async.Tls_async)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../index.html">tls-async</a> &#x00BB; Tls_async</nav><header class="odoc-preamble"><h1>Module <code><span>Tls_async</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec module anchored" id="module-Session"><a href="#module-Session" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Session/index.html">Session</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div><div class="spec-doc"><p>Low-level API for working with TLS sessions. Most applications should use the high-level API below</p></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-X509_async"><a href="#module-X509_async" class="anchor"></a><code><span><span class="keyword">module</span> <a href="X509_async/index.html">X509_async</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div><div class="spec-doc"><p>Helper functions for <code>Async_unix</code>-specific IO operations commonly used with X509 certificates, such as loading from a Unix filesystem</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-listen"><a href="#val-listen" class="anchor"></a><code><span><span class="keyword">val</span> listen : 
+  <span><span class="optlabel">?buffer_age_limit</span>:<span class="xref-unresolved">Async</span>.Writer.buffer_age_limit <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?max_connections</span>:int <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?max_accepts_per_batch</span>:int <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?backlog</span>:int <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?socket</span>:
+    <span><span>(<span>[ `Unconnected ]</span>, <span>[&lt; <span class="xref-unresolved">Async</span>.Socket.Address.t ]</span> <span class="keyword">as</span> 'address)</span> <span class="xref-unresolved">Async</span>.Socket.t</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">on_handler_error</span>:<span>[ <span>`Call of <span><span class="type-var">'address</span> <span class="arrow">&#45;&gt;</span></span> <span>exn <span class="arrow">&#45;&gt;</span></span> unit</span> <span>| `Ignore</span> <span>| `Raise</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../../tls/Tls/Config/index.html#type-server">Tls.Config.server</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>(<span class="type-var">'address</span>, <span class="type-var">'listening_on</span>)</span> <span class="xref-unresolved">Async</span>.Tcp.Where_to_listen.t</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span><span class="type-var">'address</span> <span class="arrow">&#45;&gt;</span></span>
+    <span><a href="Session/index.html#type-t">Session.t</a> <span class="arrow">&#45;&gt;</span></span>
+    <span><span class="xref-unresolved">Async</span>.Reader.t <span class="arrow">&#45;&gt;</span></span>
+    <span><span class="xref-unresolved">Async</span>.Writer.t <span class="arrow">&#45;&gt;</span></span>
+    <span>unit <span class="xref-unresolved">Async</span>.Deferred.t</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>(<span class="type-var">'address</span>, <span class="type-var">'listening_on</span>)</span> <span class="xref-unresolved">Async</span>.Tcp.Server.t</span> <span class="xref-unresolved">Async</span>.Deferred.t</span></span></code></div><div class="spec-doc"><p><code>listen</code> creates a <code>Tcp.Server.t</code> with the requested parameters, including those specified in <code>Tls.Config.server</code>. The handler function exposes the low-level <code>Session.t</code> to accommodate cases like interrogating a client certificate</p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-io_handler"><a href="#type-io_handler" class="anchor"></a><code><span><span class="keyword">type</span> <span>'a io_handler</span></span><span> = <span><span class="xref-unresolved">Async</span>.Reader.t <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Async</span>.Writer.t <span class="arrow">&#45;&gt;</span></span> <span><span class="type-var">'a</span> <span class="xref-unresolved">Async</span>.Deferred.t</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-tls_handler"><a href="#type-tls_handler" class="anchor"></a><code><span><span class="keyword">type</span> <span>'a tls_handler</span></span><span> = <span><a href="Session/index.html#type-t">Session.t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="type-var">'a</span> <a href="#type-io_handler">io_handler</a></span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-upgrade_server_handler"><a href="#val-upgrade_server_handler" class="anchor"></a><code><span><span class="keyword">val</span> upgrade_server_handler : 
+  <span><span class="label">config</span>:<a href="../../tls/Tls/Config/index.html#type-server">Tls.Config.server</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span class="type-var">'a</span> <a href="#type-tls_handler">tls_handler</a></span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="type-var">'a</span> <a href="#type-io_handler">io_handler</a></span></span></code></div><div class="spec-doc"><p><code>upgrade_server_handler</code> is what <code>listen</code> calls to handle each client. It is exposed so that low-level end-users of the library can use tls-async inside of code that manages Tcp services directly.</p><p>The <code>tls_handler</code> argument will be called with the client Tls session, reader and writer to be used for cleartext data.</p><p>The outer <code>reader</code> and <code>writer</code> will read encrypted data from and write encrypted data to the connected socket.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-connect"><a href="#val-connect" class="anchor"></a><code><span><span class="keyword">val</span> connect : 
+  <span><span class="optlabel">?socket</span>:<span><span>(<span>[ `Unconnected ]</span>, <span class="type-var">'addr</span>)</span> <span class="xref-unresolved">Async</span>.Socket.t</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span><a href="../../tls/Tls/Config/index.html#type-client">Tls.Config.client</a> <span class="arrow">&#45;&gt;</span></span>
+    <span><span><span class="type-var">'addr</span> <span class="xref-unresolved">Async</span>.Tcp.Where_to_connect.t</span> <span class="arrow">&#45;&gt;</span></span>
+    <span><span class="label">host</span>:<span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> option</span> <span class="arrow">&#45;&gt;</span></span>
+    <span><span>(<a href="Session/index.html#type-t">Session.t</a> * <span class="xref-unresolved">Async</span>.Reader.t * <span class="xref-unresolved">Async</span>.Writer.t)</span> <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span>)</span>
+    <span class="xref-unresolved">Async</span>.Tcp.Aliases.with_connect_options</span></span></code></div><div class="spec-doc"><p><code>connect</code> behaves similarly to <code>Tcp.connect</code>, exposing a cleartext reader and writer. Callers should ensure they close the <code>Writer.t</code> and wait for the <code>unit Deferred.t</code> returned by <code>`Closed_and_flushed_downstream</code> to completely shut down the TLS connection</p><p><code>host</code> is used for peer name verification and should generally be provided. Passing <code>None</code> will disable peer name verification unless <code>peer_name</code> was provided in the <code>Tls.Config.client</code>. If both are present <code>host</code> overwrites <code>peer_name</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-upgrade_client_to_tls"><a href="#val-upgrade_client_to_tls" class="anchor"></a><code><span><span class="keyword">val</span> upgrade_client_to_tls : 
+  <span><a href="../../tls/Tls/Config/index.html#type-client">Tls.Config.client</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">host</span>:<span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Async</span>.Reader.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Async</span>.Writer.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="Session/index.html#type-t">Session.t</a> * <span class="xref-unresolved">Async</span>.Reader.t * <span class="xref-unresolved">Async</span>.Writer.t)</span> <span class="xref-unresolved">Async</span>.Deferred.Or_error.t</span></span></code></div><div class="spec-doc"><p><code>upgrade_client_to_tls</code> upgrades an existing reader/writer to TLS, returning a cleartext reader and writer. Callers should ensure they close the <code>Writer.t</code> and wait for the <code>unit Deferred.t</code> returned by <code>`Closed_and_flushed_downstream</code> to completely shut down the TLS connection</p><p><code>host</code> is used for peer name verification and should generally be provided. Passing <code>None</code> will disable peer name verification unless <code>peer_name</code> was provided in the <code>Tls.Config.client</code>. If both are present <code>host</code> overwrites <code>peer_name</code>.</p></div></div></div></body></html>
diff --git a/doc/tls-async/index.html b/doc/tls-async/index.html
new file mode 100644
index 00000000..667a478c
--- /dev/null
+++ b/doc/tls-async/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>index (tls-async.index)</title><meta charset="utf-8"/><link rel="stylesheet" href="../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – tls-async</nav><header class="odoc-preamble"><h1 id="tls-async-index"><a href="#tls-async-index" class="anchor"></a>tls-async index</h1></header><nav class="odoc-toc"><ul><li><a href="#library-tls-async">Library tls-async</a></li></ul></nav><div class="odoc-content"><h2 id="library-tls-async"><a href="#library-tls-async" class="anchor"></a>Library tls-async</h2><p>The entry point of this library is the module: <a href="Tls_async/index.html"><code>Tls_async</code></a>.</p></div></body></html>
diff --git a/doc/tls-eio/Tls_eio/index.html b/doc/tls-eio/Tls_eio/index.html
new file mode 100644
index 00000000..e88b968b
--- /dev/null
+++ b/doc/tls-eio/Tls_eio/index.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Tls_eio (tls-eio.Tls_eio)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../index.html">tls-eio</a> &#x00BB; Tls_eio</nav><header class="odoc-preamble"><h1>Module <code><span>Tls_eio</span></code></h1><p>Effectful operations using Eio for pure TLS.</p><p>The pure TLS is state and buffer in, state and buffer out. This module uses Eio for communication over the network.</p></header><nav class="odoc-toc"><ul><li><a href="#constructors">Constructors</a></li><li><a href="#control-of-tls-features">Control of TLS features</a></li></ul></nav><div class="odoc-content"><div class="odoc-spec"><div class="spec exception anchored" id="exception-Tls_alert"><a href="#exception-Tls_alert" class="anchor"></a><code><span><span class="keyword">exception</span> </span><span><span class="exception">Tls_alert</span> <span class="keyword">of</span> <a href="../../tls/Tls/Packet/index.html#type-alert_type">Tls.Packet.alert_type</a></span></code></div><div class="spec-doc"><p><code>Tls_alert</code> exception received from the other endpoint</p></div></div><div class="odoc-spec"><div class="spec exception anchored" id="exception-Tls_failure"><a href="#exception-Tls_failure" class="anchor"></a><code><span><span class="keyword">exception</span> </span><span><span class="exception">Tls_failure</span> <span class="keyword">of</span> <a href="../../tls/Tls/Engine/index.html#type-failure">Tls.Engine.failure</a></span></code></div><div class="spec-doc"><p><code>Tls_failure</code> exception while processing incoming data</p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = <span><span>[ `Tls <span>| <span class="xref-unresolved">Eio</span>.Flow.two_way_ty</span> <span>| <span class="xref-unresolved">Eio</span>.Resource.close_ty</span> ]</span> <span class="xref-unresolved">Eio</span>.Std.r</span></span></code></div></div><h3 id="constructors"><a href="#constructors" class="anchor"></a>Constructors</h3><div class="odoc-spec"><div class="spec value anchored" id="val-server_of_flow"><a href="#val-server_of_flow" class="anchor"></a><code><span><span class="keyword">val</span> server_of_flow : 
+  <span><a href="../../tls/Tls/Config/index.html#type-server">Tls.Config.server</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>[&gt; <span class="xref-unresolved">Eio</span>.Flow.two_way_ty <span>| <span class="xref-unresolved">Eio</span>.Resource.close_ty</span> ]</span> <span class="xref-unresolved">Eio</span>.Std.r</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="#type-t">t</a></span></code></div><div class="spec-doc"><p><code>server_of_flow server flow</code> is <code>t</code>, after server-side TLS handshake of <code>flow</code> using <code>server</code> configuration.</p><p>You must ensure a RNG is installed while using TLS, e.g. using <code>Mirage_crypto_rng_eio</code>. Ideally, this would be part of the <code>server</code> config so you couldn't forget it, but for now you'll get a runtime error if you forget.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-client_of_flow"><a href="#val-client_of_flow" class="anchor"></a><code><span><span class="keyword">val</span> client_of_flow : 
+  <span><a href="../../tls/Tls/Config/index.html#type-client">Tls.Config.client</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?host</span>:<span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>[&gt; <span class="xref-unresolved">Eio</span>.Flow.two_way_ty <span>| <span class="xref-unresolved">Eio</span>.Resource.close_ty</span> ]</span> <span class="xref-unresolved">Eio</span>.Std.r</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="#type-t">t</a></span></code></div><div class="spec-doc"><p><code>client_of_flow client ~host fd</code> is <code>t</code>, after client-side TLS handshake of <code>flow</code> using <code>client</code> configuration and <code>host</code>.</p><p>You must ensure a RNG is installed while using TLS, e.g. using <code>Mirage_crypto_rng_eio</code>. Ideally, this would be part of the <code>client</code> config so you couldn't forget it, but for now you'll get a runtime error if you forget.</p></div></div><h3 id="control-of-tls-features"><a href="#control-of-tls-features" class="anchor"></a>Control of TLS features</h3><div class="odoc-spec"><div class="spec value anchored" id="val-reneg"><a href="#val-reneg" class="anchor"></a><code><span><span class="keyword">val</span> reneg : 
+  <span><span class="optlabel">?authenticator</span>:<span class="xref-unresolved">X509</span>.Authenticator.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?acceptable_cas</span>:<span><span class="xref-unresolved">X509</span>.Distinguished_name.t list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?cert</span>:<a href="../../tls/Tls/Config/index.html#type-own_cert">Tls.Config.own_cert</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?drop</span>:bool <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div><div class="spec-doc"><p><code>reneg ~authenticator ~acceptable_cas ~cert ~drop t</code> renegotiates the session, and blocks until the renegotiation finished. Optionally, a new <code>authenticator</code> and <code>acceptable_cas</code> can be used. The own certificate can be adjusted by <code>cert</code>. If <code>drop</code> is <code>true</code> (the default), application data received before the renegotiation finished is dropped.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-key_update"><a href="#val-key_update" class="anchor"></a><code><span><span class="keyword">val</span> key_update : <span><span class="optlabel">?request</span>:bool <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div><div class="spec-doc"><p><code>key_update ~request t</code> updates the traffic key and requests a traffic key update from the peer if <code>request</code> is provided and <code>true</code> (the default). This is only supported in TLS 1.3.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-epoch"><a href="#val-epoch" class="anchor"></a><code><span><span class="keyword">val</span> epoch : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span>(<a href="../../tls/Tls/Core/index.html#type-epoch_data">Tls.Core.epoch_data</a>, unit)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div><div class="spec-doc"><p><code>epoch t</code> returns <code>epoch</code>, which contains information of the active session.</p></div></div></div></body></html>
diff --git a/doc/tls-eio/X509_eio/index.html b/doc/tls-eio/X509_eio/index.html
new file mode 100644
index 00000000..acdf737f
--- /dev/null
+++ b/doc/tls-eio/X509_eio/index.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>X509_eio (tls-eio.X509_eio)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../index.html">tls-eio</a> &#x00BB; X509_eio</nav><header class="odoc-preamble"><h1>Module <code><span>X509_eio</span></code></h1><p>X.509 certificate handling using Eio.</p></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-private_of_pems"><a href="#val-private_of_pems" class="anchor"></a><code><span><span class="keyword">val</span> private_of_pems : 
+  <span><span class="label">cert</span>:<span><span class="type-var">_</span> <span class="xref-unresolved">Eio</span>.Path.t</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">priv_key</span>:<span><span class="type-var">_</span> <span class="xref-unresolved">Eio</span>.Path.t</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="../../tls/Tls/Config/index.html#type-certchain">Tls.Config.certchain</a></span></code></div><div class="spec-doc"><p><code>private_of_pems ~cert ~priv_key</code> is <code>priv</code>, after reading the private key and certificate chain from the given PEM-encoded files.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-certs_of_pem"><a href="#val-certs_of_pem" class="anchor"></a><code><span><span class="keyword">val</span> certs_of_pem : <span><span><span class="type-var">_</span> <span class="xref-unresolved">Eio</span>.Path.t</span> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">X509</span>.Certificate.t list</span></span></code></div><div class="spec-doc"><p><code>certs_of_pem file</code> is <code>certificates</code>, which are read from the PEM-encoded <code>file</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-certs_of_pem_dir"><a href="#val-certs_of_pem_dir" class="anchor"></a><code><span><span class="keyword">val</span> certs_of_pem_dir : <span><span><span class="type-var">_</span> <span class="xref-unresolved">Eio</span>.Path.t</span> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">X509</span>.Certificate.t list</span></span></code></div><div class="spec-doc"><p><code>certs_of_pem_dir dir</code> is <code>certificates</code>, which are read from all PEM-encoded files in <code>dir</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-authenticator"><a href="#val-authenticator" class="anchor"></a><code><span><span class="keyword">val</span> authenticator : 
+  <span><span class="optlabel">?allowed_hashes</span>:<span><span class="xref-unresolved">Digestif</span>.hash' list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?crls</span>:<span><span class="type-var">_</span> <span class="xref-unresolved">Eio</span>.Path.t</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[ <span>`Ca_file of <span><span class="type-var">_</span> <span class="xref-unresolved">Eio</span>.Path.t</span></span>
+  <span><span>| `Ca_dir</span> of <span><span class="type-var">_</span> <span class="xref-unresolved">Eio</span>.Path.t</span></span>
+  <span><span>| `Key_fingerprint</span> of <span class="xref-unresolved">Digestif</span>.hash' * string</span>
+  <span><span>| `Hex_key_fingerprint</span> of <span class="xref-unresolved">Digestif</span>.hash' * string</span>
+  <span><span>| `Cert_fingerprint</span> of <span class="xref-unresolved">Digestif</span>.hash' * string</span>
+  <span><span>| `Hex_cert_fingerprint</span> of <span class="xref-unresolved">Digestif</span>.hash' * string</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span class="xref-unresolved">X509</span>.Authenticator.t</span></code></div><div class="spec-doc"><p><code>authenticator methods</code> constructs an <code>authenticator</code> using the specified method and data.</p></div></div></div></body></html>
diff --git a/doc/tls-eio/index.html b/doc/tls-eio/index.html
new file mode 100644
index 00000000..4fca7632
--- /dev/null
+++ b/doc/tls-eio/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>index (tls-eio.index)</title><meta charset="utf-8"/><link rel="stylesheet" href="../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – tls-eio</nav><header class="odoc-preamble"><h1 id="tls-eio-index"><a href="#tls-eio-index" class="anchor"></a>tls-eio index</h1></header><nav class="odoc-toc"><ul><li><a href="#library-tls-eio">Library tls-eio</a></li></ul></nav><div class="odoc-content"><h2 id="library-tls-eio"><a href="#library-tls-eio" class="anchor"></a>Library tls-eio</h2><p>This library exposes the following toplevel modules:</p><ul class="modules"><li><a href="Tls_eio/index.html"><code>Tls_eio</code></a> <span class="synopsis">Effectful operations using Eio for pure TLS.</span></li><li><a href="X509_eio/index.html"><code>X509_eio</code></a> <span class="synopsis">X.509 certificate handling using Eio.</span></li></ul></div></body></html>
diff --git a/doc/tls-lwt/Tls_lwt/Unix/index.html b/doc/tls-lwt/Tls_lwt/Unix/index.html
new file mode 100644
index 00000000..5b55cb1f
--- /dev/null
+++ b/doc/tls-lwt/Tls_lwt/Unix/index.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Unix (tls-lwt.Tls_lwt.Unix)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls-lwt</a> &#x00BB; <a href="../index.html">Tls_lwt</a> &#x00BB; Unix</nav><header class="odoc-preamble"><h1>Module <code><span>Tls_lwt.Unix</span></code></h1><p>Low-level API</p></header><nav class="odoc-toc"><ul><li><a href="#unix-api">Unix API</a><ul><li><a href="#constructors">Constructors</a></li><li><a href="#common-stream-operations">Common stream operations</a></li></ul></li></ul></nav><div class="odoc-content"><h2 id="unix-api"><a href="#unix-api" class="anchor"></a>Unix API</h2><p>It is the responsibility of the client to handle error conditions. The underlying file descriptors are not closed.</p><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span></code></div><div class="spec-doc"><p>Abstract type of a session</p></div></div><h3 id="constructors"><a href="#constructors" class="anchor"></a>Constructors</h3><div class="odoc-spec"><div class="spec value anchored" id="val-server_of_fd"><a href="#val-server_of_fd" class="anchor"></a><code><span><span class="keyword">val</span> server_of_fd : <span><a href="../../../tls/Tls/Config/index.html#type-server">Tls.Config.server</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Lwt_unix</span>.file_descr <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>server_of_fd server fd</code> is <code>t</code>, after server-side TLS handshake of <code>fd</code> using <code>server</code> configuration.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-server_of_channels"><a href="#val-server_of_channels" class="anchor"></a><code><span><span class="keyword">val</span> server_of_channels : 
+  <span><a href="../../../tls/Tls/Config/index.html#type-server">Tls.Config.server</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span class="xref-unresolved">Lwt_io</span>.input_channel * <span class="xref-unresolved">Lwt_io</span>.output_channel)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>server_of_channels server (ic, oc)</code> is <code>t</code>, after server-side TLS handshake on the input/output channels <code>ic, oc</code> using <code>server</code> configuration.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-client_of_fd"><a href="#val-client_of_fd" class="anchor"></a><code><span><span class="keyword">val</span> client_of_fd : 
+  <span><a href="../../../tls/Tls/Config/index.html#type-client">Tls.Config.client</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?host</span>:<span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Lwt_unix</span>.file_descr <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>client_of_fd client ~host fd</code> is <code>t</code>, after client-side TLS handshake of <code>fd</code> using <code>client</code> configuration and <code>host</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-client_of_channels"><a href="#val-client_of_channels" class="anchor"></a><code><span><span class="keyword">val</span> client_of_channels : 
+  <span><a href="../../../tls/Tls/Config/index.html#type-client">Tls.Config.client</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?host</span>:<span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span class="xref-unresolved">Lwt_io</span>.input_channel * <span class="xref-unresolved">Lwt_io</span>.output_channel)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>client_of_channels client ~host (ic, oc)</code> is <code>t</code>, after client-side TLS handshake over the input/output channels <code>ic, oc</code> using <code>client</code> configuration and <code>host</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-accept"><a href="#val-accept" class="anchor"></a><code><span><span class="keyword">val</span> accept : 
+  <span><a href="../../../tls/Tls/Config/index.html#type-server">Tls.Config.server</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Lwt_unix</span>.file_descr <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="#type-t">t</a> * <span class="xref-unresolved">Lwt_unix</span>.sockaddr)</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>accept server fd</code> is <code>t, sockaddr</code>, after accepting a client on <code>fd</code> and upgrading to a TLS connection.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-connect"><a href="#val-connect" class="anchor"></a><code><span><span class="keyword">val</span> connect : <span><a href="../../../tls/Tls/Config/index.html#type-client">Tls.Config.client</a> <span class="arrow">&#45;&gt;</span></span> <span><span>(string * int)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>connect client (host, port)</code> is <code>t</code>, after successful connection to <code>host</code> on <code>port</code> and TLS upgrade.</p></div></div><h3 id="common-stream-operations"><a href="#common-stream-operations" class="anchor"></a>Common stream operations</h3><div class="odoc-spec"><div class="spec value anchored" id="val-read"><a href="#val-read" class="anchor"></a><code><span><span class="keyword">val</span> read : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?off</span>:int <span class="arrow">&#45;&gt;</span></span> <span>bytes <span class="arrow">&#45;&gt;</span></span> <span>int <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>read t ~off buffer</code> is <code>length</code>, the number of bytes read into <code>buffer</code>. It fills <code>buffer</code> starting at <code>off</code> (default is 0).</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-write"><a href="#val-write" class="anchor"></a><code><span><span class="keyword">val</span> write : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <span>unit <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>write t buffer</code> writes the <code>buffer</code> to the session.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-writev"><a href="#val-writev" class="anchor"></a><code><span><span class="keyword">val</span> writev : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span>string list</span> <span class="arrow">&#45;&gt;</span></span> <span>unit <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>writev t buffers</code> writes the <code>buffers</code> to the session.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-read_bytes"><a href="#val-read_bytes" class="anchor"></a><code><span><span class="keyword">val</span> read_bytes : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Lwt_bytes</span>.t <span class="arrow">&#45;&gt;</span></span> <span>int <span class="arrow">&#45;&gt;</span></span> <span>int <span class="arrow">&#45;&gt;</span></span> <span>int <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>read_bytes t bytes offset len</code> is <code>read_bytes</code>, the amount of bytes read.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-write_bytes"><a href="#val-write_bytes" class="anchor"></a><code><span><span class="keyword">val</span> write_bytes : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Lwt_bytes</span>.t <span class="arrow">&#45;&gt;</span></span> <span>int <span class="arrow">&#45;&gt;</span></span> <span>int <span class="arrow">&#45;&gt;</span></span> <span>unit <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>write_bytes t bytes offset length</code> writes <code>length</code> bytes of <code>bytes</code> starting at <code>offset</code> to the session.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-shutdown"><a href="#val-shutdown" class="anchor"></a><code><span><span class="keyword">val</span> shutdown : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span>[ `read <span>| `write</span> <span>| `read_write</span> ]</span> <span class="arrow">&#45;&gt;</span></span> <span>unit <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>shutdown t direction</code> closes the <code>direction</code> of the TLS session <code>t</code>. If <code>`read_write</code> or <code>`write</code> is closed, a TLS close_notify is sent to the other endpoint. If this results in a fully closed session (or an errorneous session), the underlying file descriptor is closed.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-close"><a href="#val-close" class="anchor"></a><code><span><span class="keyword">val</span> close : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span>unit <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>close t</code> closes the TLS session and the underlying file descriptor.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-reneg"><a href="#val-reneg" class="anchor"></a><code><span><span class="keyword">val</span> reneg : 
+  <span><span class="optlabel">?authenticator</span>:<span class="xref-unresolved">X509</span>.Authenticator.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?acceptable_cas</span>:<span><span class="xref-unresolved">X509</span>.Distinguished_name.t list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?cert</span>:<a href="../../../tls/Tls/Config/index.html#type-own_cert">Tls.Config.own_cert</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?drop</span>:bool <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>unit <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>reneg ~authenticator ~acceptable_cas ~cert ~drop t</code> renegotiates the session, and blocks until the renegotiation finished. Optionally, a new <code>authenticator</code> and <code>acceptable_cas</code> can be used. The own certificate can be adjusted by <code>cert</code>. If <code>drop</code> is <code>true</code> (the default), application data received before the renegotiation finished is dropped.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-key_update"><a href="#val-key_update" class="anchor"></a><code><span><span class="keyword">val</span> key_update : <span><span class="optlabel">?request</span>:bool <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span>unit <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>key_update ~request t</code> updates the traffic key and requests a traffic key update from the peer if <code>request</code> is provided and <code>true</code> (the default). This is only supported in TLS 1.3.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-epoch"><a href="#val-epoch" class="anchor"></a><code><span><span class="keyword">val</span> epoch : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span>(<a href="../../../tls/Tls/Core/index.html#type-epoch_data">Tls.Core.epoch_data</a>, unit)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div><div class="spec-doc"><p><code>epoch t</code> returns <code>epoch</code>, which contains information of the active session.</p></div></div></div></body></html>
diff --git a/doc/tls-lwt/Tls_lwt/index.html b/doc/tls-lwt/Tls_lwt/index.html
new file mode 100644
index 00000000..bff85f44
--- /dev/null
+++ b/doc/tls-lwt/Tls_lwt/index.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Tls_lwt (tls-lwt.Tls_lwt)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../index.html">tls-lwt</a> &#x00BB; Tls_lwt</nav><header class="odoc-preamble"><h1>Module <code><span>Tls_lwt</span></code></h1><p>Effectful operations using Lwt for pure TLS.</p><p>The pure TLS is state and buffer in, state and buffer out. This module uses Lwt for communication over the network.</p><p>This module implements a high-level API and a low-level API (in <a href="Unix/index.html"><code>Unix</code></a>). Most applications should use the high-level API described below.</p></header><nav class="odoc-toc"><ul><li><a href="#high-level-api">High-level API</a></li></ul></nav><div class="odoc-content"><div class="odoc-spec"><div class="spec exception anchored" id="exception-Tls_alert"><a href="#exception-Tls_alert" class="anchor"></a><code><span><span class="keyword">exception</span> </span><span><span class="exception">Tls_alert</span> <span class="keyword">of</span> <a href="../../tls/Tls/Packet/index.html#type-alert_type">Tls.Packet.alert_type</a></span></code></div><div class="spec-doc"><p><code>Tls_alert</code> exception received from the other endpoint</p></div></div><div class="odoc-spec"><div class="spec exception anchored" id="exception-Tls_failure"><a href="#exception-Tls_failure" class="anchor"></a><code><span><span class="keyword">exception</span> </span><span><span class="exception">Tls_failure</span> <span class="keyword">of</span> <a href="../../tls/Tls/Engine/index.html#type-failure">Tls.Engine.failure</a></span></code></div><div class="spec-doc"><p><code>Tls_failure</code> exception while processing incoming data</p></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Unix"><a href="#module-Unix" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Unix/index.html">Unix</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div><div class="spec-doc"><p>Low-level API</p></div></div><h2 id="high-level-api"><a href="#high-level-api" class="anchor"></a>High-level API</h2><div class="odoc-spec"><div class="spec type anchored" id="type-ic"><a href="#type-ic" class="anchor"></a><code><span><span class="keyword">type</span> ic</span><span> = <span class="xref-unresolved">Lwt_io</span>.input_channel</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-oc"><a href="#type-oc" class="anchor"></a><code><span><span class="keyword">type</span> oc</span><span> = <span class="xref-unresolved">Lwt_io</span>.output_channel</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-accept_ext"><a href="#val-accept_ext" class="anchor"></a><code><span><span class="keyword">val</span> accept_ext : 
+  <span><a href="../../tls/Tls/Config/index.html#type-server">Tls.Config.server</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Lwt_unix</span>.file_descr <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span>(<a href="#type-ic">ic</a> * <a href="#type-oc">oc</a>)</span> * <span class="xref-unresolved">Lwt_unix</span>.sockaddr)</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>accept_ext server fd</code> is <code>(ic, oc), sockaddr</code>, the input and output channel from an accepted connection on the given <code>fd</code>, after upgrading to TLS using the <code>server</code> configuration.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-accept"><a href="#val-accept" class="anchor"></a><code><span><span class="keyword">val</span> accept : 
+  <span><a href="../../tls/Tls/Config/index.html#type-own_cert">Tls.Config.own_cert</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Lwt_unix</span>.file_descr <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>(<span>(<a href="#type-ic">ic</a> * <a href="#type-oc">oc</a>)</span> * <span class="xref-unresolved">Lwt_unix</span>.sockaddr, <span>[&gt; <span>`Msg of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>accept own_cert fd</code> is <code>(ic, oc), sockaddr</code>, the input and output channel from the accepted connection on <code>fd</code>, using the default configuration with the given <code>own_cert</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-connect_ext"><a href="#val-connect_ext" class="anchor"></a><code><span><span class="keyword">val</span> connect_ext : <span><a href="../../tls/Tls/Config/index.html#type-client">Tls.Config.client</a> <span class="arrow">&#45;&gt;</span></span> <span><span>(string * int)</span> <span class="arrow">&#45;&gt;</span></span> <span><span>(<a href="#type-ic">ic</a> * <a href="#type-oc">oc</a>)</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>connect_ext client (host, port)</code> is <code>ic, oc</code>, the input and output channel of a TLS connection to <code>host</code> on <code>port</code> using the <code>client</code> configuration.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-connect"><a href="#val-connect" class="anchor"></a><code><span><span class="keyword">val</span> connect : 
+  <span><span class="xref-unresolved">X509</span>.Authenticator.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(string * int)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>(<a href="#type-ic">ic</a> * <a href="#type-oc">oc</a>, <span>[&gt; <span>`Msg of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>connect authenticator (host, port)</code> is <code>ic, oc</code>, the input and output channel of a TLS connection to <code>host</code> on <code>port</code> using the default configuration and the <code>authenticator</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-of_t"><a href="#val-of_t" class="anchor"></a><code><span><span class="keyword">val</span> of_t : <span><span class="optlabel">?close</span>:<span>(<span>unit <span class="arrow">&#45;&gt;</span></span> <span>unit <span class="xref-unresolved">Lwt</span>.t</span>)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="Unix/index.html#type-t">Unix.t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-ic">ic</a> * <a href="#type-oc">oc</a></span></code></div><div class="spec-doc"><p><code>of_t t</code> is <code>ic, oc</code>, the input and output channel. <code>close</code> defaults to <code>!Unix.close</code>.</p></div></div></div></body></html>
diff --git a/doc/tls-lwt/X509_lwt/index.html b/doc/tls-lwt/X509_lwt/index.html
new file mode 100644
index 00000000..413b08e6
--- /dev/null
+++ b/doc/tls-lwt/X509_lwt/index.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>X509_lwt (tls-lwt.X509_lwt)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../index.html">tls-lwt</a> &#x00BB; X509_lwt</nav><header class="odoc-preamble"><h1>Module <code><span>X509_lwt</span></code></h1><p>X.509 certificate handling using Lwt.</p></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-private_of_pems"><a href="#val-private_of_pems" class="anchor"></a><code><span><span class="keyword">val</span> private_of_pems : 
+  <span><span class="label">cert</span>:<span class="xref-unresolved">Lwt_io</span>.file_name <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">priv_key</span>:<span class="xref-unresolved">Lwt_io</span>.file_name <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../../tls/Tls/Config/index.html#type-certchain">Tls.Config.certchain</a> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>private_of_pems ~cert ~priv_key</code> is <code>priv</code>, after reading the private key and certificate chain from the given PEM-encoded files.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-certs_of_pem"><a href="#val-certs_of_pem" class="anchor"></a><code><span><span class="keyword">val</span> certs_of_pem : <span><span class="xref-unresolved">Lwt_io</span>.file_name <span class="arrow">&#45;&gt;</span></span> <span><span><span class="xref-unresolved">X509</span>.Certificate.t list</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>certs_of_pem file</code> is <code>certificates</code>, which are read from the PEM-encoded <code>file</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-certs_of_pem_dir"><a href="#val-certs_of_pem_dir" class="anchor"></a><code><span><span class="keyword">val</span> certs_of_pem_dir : <span><span class="xref-unresolved">Lwt_io</span>.file_name <span class="arrow">&#45;&gt;</span></span> <span><span><span class="xref-unresolved">X509</span>.Certificate.t list</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>certs_of_pem_dir dir</code> is <code>certificates</code>, which are read from all PEM-encoded files in <code>dir</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-authenticator"><a href="#val-authenticator" class="anchor"></a><code><span><span class="keyword">val</span> authenticator : 
+  <span><span class="optlabel">?allowed_hashes</span>:<span><span class="xref-unresolved">Digestif</span>.hash' list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?crls</span>:<span class="xref-unresolved">Lwt_io</span>.file_name <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[ <span>`Ca_file of <span class="xref-unresolved">Lwt_io</span>.file_name</span>
+  <span><span>| `Ca_dir</span> of <span class="xref-unresolved">Lwt_io</span>.file_name</span>
+  <span><span>| `Key_fingerprint</span> of <span class="xref-unresolved">Digestif</span>.hash' * string</span>
+  <span><span>| `Hex_key_fingerprint</span> of <span class="xref-unresolved">Digestif</span>.hash' * string</span>
+  <span><span>| `Cert_fingerprint</span> of <span class="xref-unresolved">Digestif</span>.hash' * string</span>
+  <span><span>| `Hex_cert_fingerprint</span> of <span class="xref-unresolved">Digestif</span>.hash' * string</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Authenticator.t <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>authenticator methods</code> constructs an <code>authenticator</code> using the specified method and data.</p></div></div></div></body></html>
diff --git a/doc/tls-lwt/index.html b/doc/tls-lwt/index.html
new file mode 100644
index 00000000..c0ca7800
--- /dev/null
+++ b/doc/tls-lwt/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>index (tls-lwt.index)</title><meta charset="utf-8"/><link rel="stylesheet" href="../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – tls-lwt</nav><header class="odoc-preamble"><h1 id="tls-lwt-index"><a href="#tls-lwt-index" class="anchor"></a>tls-lwt index</h1></header><nav class="odoc-toc"><ul><li><a href="#library-tls-lwt">Library tls-lwt</a></li></ul></nav><div class="odoc-content"><h2 id="library-tls-lwt"><a href="#library-tls-lwt" class="anchor"></a>Library tls-lwt</h2><p>This library exposes the following toplevel modules:</p><ul class="modules"><li><a href="Tls_lwt/index.html"><code>Tls_lwt</code></a> <span class="synopsis">Effectful operations using Lwt for pure TLS.</span></li><li><a href="X509_lwt/index.html"><code>X509_lwt</code></a> <span class="synopsis">X.509 certificate handling using Lwt.</span></li></ul></div></body></html>
diff --git a/doc/tls-miou-unix/Tls_miou_unix/index.html b/doc/tls-miou-unix/Tls_miou_unix/index.html
index b22fa74a..63285f18 100644
--- a/doc/tls-miou-unix/Tls_miou_unix/index.html
+++ b/doc/tls-miou-unix/Tls_miou_unix/index.html
@@ -1,11 +1,11 @@
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Tls_miou_unix (tls-miou-unix.Tls_miou_unix)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../index.html">tls-miou-unix</a> &#x00BB; Tls_miou_unix</nav><header class="odoc-preamble"><h1>Module <code><span>Tls_miou_unix</span></code></h1><p>Effectful operations using Miou for pure TLS.</p><p>The pure TLS is state and buffer in, state and buffer out. This module uses Miou (and its Unix layer) for communication over the network.</p></header><div class="odoc-content"><div class="odoc-spec"><div class="spec exception anchored" id="exception-Tls_alert"><a href="#exception-Tls_alert" class="anchor"></a><code><span><span class="keyword">exception</span> </span><span><span class="exception">Tls_alert</span> <span class="keyword">of</span> <span class="xref-unresolved">Tls</span>.Packet.alert_type</span></code></div></div><div class="odoc-spec"><div class="spec exception anchored" id="exception-Tls_failure"><a href="#exception-Tls_failure" class="anchor"></a><code><span><span class="keyword">exception</span> </span><span><span class="exception">Tls_failure</span> <span class="keyword">of</span> <span class="xref-unresolved">Tls</span>.Engine.failure</span></code></div></div><div class="odoc-spec"><div class="spec exception anchored" id="exception-Closed_by_peer"><a href="#exception-Closed_by_peer" class="anchor"></a><code><span><span class="keyword">exception</span> </span><span><span class="exception">Closed_by_peer</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span></code></div><div class="spec-doc"><p>Abstract type of a session.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-file_descr"><a href="#val-file_descr" class="anchor"></a><code><span><span class="keyword">val</span> file_descr : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">Miou_unix</span>.file_descr</span></code></div><div class="spec-doc"><p><code>file_descr</code> returns the underlying file-descriptor used by the given TLS <i>socket</i>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-read"><a href="#val-read" class="anchor"></a><code><span><span class="keyword">val</span> read : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?off</span>:int <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?len</span>:int <span class="arrow">&#45;&gt;</span></span> <span>bytes <span class="arrow">&#45;&gt;</span></span> int</span></code></div><div class="spec-doc"><p><code>read fd buf ~off ~len</code> reads up to <code>len</code> bytes (defaults to <code>Bytes.length buf - off</code> from the given TLS <i>socket</i> <code>fd</code>, storing them in byte sequence <code>buf</code>, starting at position <code>off</code> in <code>buf</code> (defaults to <code>0</code>). It returns the actual number of characters read, between 0 and <code>len</code> (inclusive).</p><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>Unix_error</code> <p>raised by the system call <code>Unix.read</code>. The function handles <code>Unix.EINTR</code>, <code>Unix.EAGAIN</code> and <code>Unix.EWOULDBLOCK</code> exceptions and redo the system call.</p></li></ul><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>Invalid_argument</code> <p>if <code>off</code> and <code>len</code> do not designate a valid range of <code>buf</code>.</p></li></ul></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-really_read"><a href="#val-really_read" class="anchor"></a><code><span><span class="keyword">val</span> really_read : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?off</span>:int <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?len</span>:int <span class="arrow">&#45;&gt;</span></span> <span>bytes <span class="arrow">&#45;&gt;</span></span> unit</span></code></div><div class="spec-doc"><p><code>really_read fd buf ~off ~len</code> reads <code>len</code> bytes (defaults to <code>Bytes.length buf - off</code>) from the given TLS <i>socket</i> <code>fd</code>, storing them in byte sequence <code>buf</code>, starting at position <code>off</code> in <code>buf</code> (defaults to <code>0</code>). If <code>len = 0</code>, <code>really_read</code> does nothing.</p><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>Unix_error</code> <p>raised by the system call <code>Unix.read</code>. The function handles <code>Unix.EINTR</code>, <code>Unix.EAGAIN</code> and <code>Unix.EWOULDBLOCK</code> exceptions and redo the system call.</p></li></ul><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>End_of_file</code> <p>if <code>Unix.read</code> returns <code>0</code> before <code>len</code> characters have been read.</p></li></ul><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>Invalid_argument</code> <p>if <code>off</code> and <code>len</code> do not designate a valid range of <code>buf</code>.</p></li></ul></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-write"><a href="#val-write" class="anchor"></a><code><span><span class="keyword">val</span> write : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?off</span>:int <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?len</span>:int <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> unit</span></code></div><div class="spec-doc"><p><code>write t str ~off ~len</code> writes <code>len</code> bytes (defaults to <code>String.length str - off</code>) from byte sequence <code>str</code>, starting at offset <code>off</code> (defaults to <code>0</code>), to the given TLS <i>socket</i> <code>fd</code>.</p><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>Unix_error</code> <p>raised by the syscall call <code>Unix.write</code>. The function handles <code>Unix.EINTR</code>, <code>Unix.EAGAIN</code> and <code>Unix.EWOULDBLOCK</code> exceptions and redo the system call.</p></li></ul><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <a href="#exception-Closed_by_peer"><code>Closed_by_peer</code></a> <p>if <code>t</code> is connected to a peer whose reading end is closed. Similar to the <code>EPIPE</code> error for pipe/socket connected.</p></li></ul><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>Invalid_argument</code> <p>if <code>off</code> and <code>len</code> do not designate a valid range of <code>buf</code>.</p></li></ul></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-close"><a href="#val-close" class="anchor"></a><code><span><span class="keyword">val</span> close : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div><div class="spec-doc"><p><code>close flow</code> closes the TLS session and the underlying file-descriptor.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-shutdown"><a href="#val-shutdown" class="anchor"></a><code><span><span class="keyword">val</span> shutdown : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span>[ `read <span>| `write</span> <span>| `read_write</span> ]</span> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div><div class="spec-doc"><p><code>shutdown t direction</code> closes the direction of the TLS session <code>t</code>. If <code>`read_write</code> or <code>`write</code> is closed, a TLS close-notify is sent to the other endpoint. If this results in a fully-closed session (or an errorneous session), the underlying file descriptor is closed.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-client_of_fd"><a href="#val-client_of_fd" class="anchor"></a><code><span><span class="keyword">val</span> client_of_fd : 
-  <span><span class="xref-unresolved">Tls</span>.Config.client <span class="arrow">&#45;&gt;</span></span>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Tls_miou_unix (tls-miou-unix.Tls_miou_unix)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../index.html">tls-miou-unix</a> &#x00BB; Tls_miou_unix</nav><header class="odoc-preamble"><h1>Module <code><span>Tls_miou_unix</span></code></h1><p>Effectful operations using Miou for pure TLS.</p><p>The pure TLS is state and buffer in, state and buffer out. This module uses Miou (and its Unix layer) for communication over the network.</p></header><div class="odoc-content"><div class="odoc-spec"><div class="spec exception anchored" id="exception-Tls_alert"><a href="#exception-Tls_alert" class="anchor"></a><code><span><span class="keyword">exception</span> </span><span><span class="exception">Tls_alert</span> <span class="keyword">of</span> <a href="../../tls/Tls/Packet/index.html#type-alert_type">Tls.Packet.alert_type</a></span></code></div></div><div class="odoc-spec"><div class="spec exception anchored" id="exception-Tls_failure"><a href="#exception-Tls_failure" class="anchor"></a><code><span><span class="keyword">exception</span> </span><span><span class="exception">Tls_failure</span> <span class="keyword">of</span> <a href="../../tls/Tls/Engine/index.html#type-failure">Tls.Engine.failure</a></span></code></div></div><div class="odoc-spec"><div class="spec exception anchored" id="exception-Closed_by_peer"><a href="#exception-Closed_by_peer" class="anchor"></a><code><span><span class="keyword">exception</span> </span><span><span class="exception">Closed_by_peer</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span></code></div><div class="spec-doc"><p>Abstract type of a session.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-file_descr"><a href="#val-file_descr" class="anchor"></a><code><span><span class="keyword">val</span> file_descr : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">Miou_unix</span>.file_descr</span></code></div><div class="spec-doc"><p><code>file_descr</code> returns the underlying file-descriptor used by the given TLS <i>socket</i>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-read"><a href="#val-read" class="anchor"></a><code><span><span class="keyword">val</span> read : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?off</span>:int <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?len</span>:int <span class="arrow">&#45;&gt;</span></span> <span>bytes <span class="arrow">&#45;&gt;</span></span> int</span></code></div><div class="spec-doc"><p><code>read fd buf ~off ~len</code> reads up to <code>len</code> bytes (defaults to <code>Bytes.length buf - off</code> from the given TLS <i>socket</i> <code>fd</code>, storing them in byte sequence <code>buf</code>, starting at position <code>off</code> in <code>buf</code> (defaults to <code>0</code>). It returns the actual number of characters read, between 0 and <code>len</code> (inclusive).</p><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>Unix_error</code> <p>raised by the system call <code>Unix.read</code>. The function handles <code>Unix.EINTR</code>, <code>Unix.EAGAIN</code> and <code>Unix.EWOULDBLOCK</code> exceptions and redo the system call.</p></li></ul><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>Invalid_argument</code> <p>if <code>off</code> and <code>len</code> do not designate a valid range of <code>buf</code>.</p></li></ul></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-really_read"><a href="#val-really_read" class="anchor"></a><code><span><span class="keyword">val</span> really_read : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?off</span>:int <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?len</span>:int <span class="arrow">&#45;&gt;</span></span> <span>bytes <span class="arrow">&#45;&gt;</span></span> unit</span></code></div><div class="spec-doc"><p><code>really_read fd buf ~off ~len</code> reads <code>len</code> bytes (defaults to <code>Bytes.length buf - off</code>) from the given TLS <i>socket</i> <code>fd</code>, storing them in byte sequence <code>buf</code>, starting at position <code>off</code> in <code>buf</code> (defaults to <code>0</code>). If <code>len = 0</code>, <code>really_read</code> does nothing.</p><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>Unix_error</code> <p>raised by the system call <code>Unix.read</code>. The function handles <code>Unix.EINTR</code>, <code>Unix.EAGAIN</code> and <code>Unix.EWOULDBLOCK</code> exceptions and redo the system call.</p></li></ul><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>End_of_file</code> <p>if <code>Unix.read</code> returns <code>0</code> before <code>len</code> characters have been read.</p></li></ul><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>Invalid_argument</code> <p>if <code>off</code> and <code>len</code> do not designate a valid range of <code>buf</code>.</p></li></ul></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-write"><a href="#val-write" class="anchor"></a><code><span><span class="keyword">val</span> write : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?off</span>:int <span class="arrow">&#45;&gt;</span></span> <span><span class="optlabel">?len</span>:int <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> unit</span></code></div><div class="spec-doc"><p><code>write t str ~off ~len</code> writes <code>len</code> bytes (defaults to <code>String.length str - off</code>) from byte sequence <code>str</code>, starting at offset <code>off</code> (defaults to <code>0</code>), to the given TLS <i>socket</i> <code>fd</code>.</p><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>Unix_error</code> <p>raised by the syscall call <code>Unix.write</code>. The function handles <code>Unix.EINTR</code>, <code>Unix.EAGAIN</code> and <code>Unix.EWOULDBLOCK</code> exceptions and redo the system call.</p></li></ul><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <a href="#exception-Closed_by_peer"><code>Closed_by_peer</code></a> <p>if <code>t</code> is connected to a peer whose reading end is closed. Similar to the <code>EPIPE</code> error for pipe/socket connected.</p></li></ul><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>Invalid_argument</code> <p>if <code>off</code> and <code>len</code> do not designate a valid range of <code>buf</code>.</p></li></ul></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-close"><a href="#val-close" class="anchor"></a><code><span><span class="keyword">val</span> close : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div><div class="spec-doc"><p><code>close flow</code> closes the TLS session and the underlying file-descriptor.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-shutdown"><a href="#val-shutdown" class="anchor"></a><code><span><span class="keyword">val</span> shutdown : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span>[ `read <span>| `write</span> <span>| `read_write</span> ]</span> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div><div class="spec-doc"><p><code>shutdown t direction</code> closes the direction of the TLS session <code>t</code>. If <code>`read_write</code> or <code>`write</code> is closed, a TLS close-notify is sent to the other endpoint. If this results in a fully-closed session (or an errorneous session), the underlying file descriptor is closed.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-client_of_fd"><a href="#val-client_of_fd" class="anchor"></a><code><span><span class="keyword">val</span> client_of_fd : 
+  <span><a href="../../tls/Tls/Config/index.html#type-client">Tls.Config.client</a> <span class="arrow">&#45;&gt;</span></span>
   <span><span class="optlabel">?read_buffer_size</span>:int <span class="arrow">&#45;&gt;</span></span>
   <span><span class="optlabel">?host</span>:<span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> <span class="arrow">&#45;&gt;</span></span>
   <span><span class="xref-unresolved">Miou_unix</span>.file_descr <span class="arrow">&#45;&gt;</span></span>
   <a href="#type-t">t</a></span></code></div><div class="spec-doc"><p><code>client_of_flow client ~host fd</code> is <code>t</code>, after client-side TLS handshake of <code>fd</code> using <code>client</code> configuration and <code>host</code>.</p><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>End_of_file</code> <p>if we are not able to complete the handshake.</p></li></ul></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-server_of_fd"><a href="#val-server_of_fd" class="anchor"></a><code><span><span class="keyword">val</span> server_of_fd : 
-  <span><span class="xref-unresolved">Tls</span>.Config.server <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../../tls/Tls/Config/index.html#type-server">Tls.Config.server</a> <span class="arrow">&#45;&gt;</span></span>
   <span><span class="optlabel">?read_buffer_size</span>:int <span class="arrow">&#45;&gt;</span></span>
   <span><span class="xref-unresolved">Miou_unix</span>.file_descr <span class="arrow">&#45;&gt;</span></span>
-  <a href="#type-t">t</a></span></code></div><div class="spec-doc"><p><code>server_of_fd server fd</code> is <code>t</code>, after server-side TLS handshake of <code>fd</code> using <code>server</code> configuration.</p><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>End_of_file</code> <p>if we are not able to complete the handshake.</p></li></ul></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-connect"><a href="#val-connect" class="anchor"></a><code><span><span class="keyword">val</span> connect : <span><span class="xref-unresolved">X509</span>.Authenticator.t <span class="arrow">&#45;&gt;</span></span> <span><span>(string * int)</span> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div><div class="spec-doc"><p><code>connect authenticator (host, port)</code> is <code>t</code>, a connected TLS connection to <code>host</code> on <code>port</code> using the default configuration and the <code>authenticator</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-epoch"><a href="#val-epoch" class="anchor"></a><code><span><span class="keyword">val</span> epoch : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Tls</span>.Core.epoch_data option</span></span></code></div><div class="spec-doc"><p><code>epoch t</code> returns <code>epoch</code>, which contains information of the active session.</p></div></div></div></body></html>
+  <a href="#type-t">t</a></span></code></div><div class="spec-doc"><p><code>server_of_fd server fd</code> is <code>t</code>, after server-side TLS handshake of <code>fd</code> using <code>server</code> configuration.</p><ul class="at-tags"><li class="raises"><span class="at-tag">raises</span> <code>End_of_file</code> <p>if we are not able to complete the handshake.</p></li></ul></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-connect"><a href="#val-connect" class="anchor"></a><code><span><span class="keyword">val</span> connect : <span><span class="xref-unresolved">X509</span>.Authenticator.t <span class="arrow">&#45;&gt;</span></span> <span><span>(string * int)</span> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div><div class="spec-doc"><p><code>connect authenticator (host, port)</code> is <code>t</code>, a connected TLS connection to <code>host</code> on <code>port</code> using the default configuration and the <code>authenticator</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-epoch"><a href="#val-epoch" class="anchor"></a><code><span><span class="keyword">val</span> epoch : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="../../tls/Tls/Core/index.html#type-epoch_data">Tls.Core.epoch_data</a> option</span></span></code></div><div class="spec-doc"><p><code>epoch t</code> returns <code>epoch</code>, which contains information of the active session.</p></div></div></div></body></html>
diff --git a/doc/tls-mirage/Tls_mirage/Make/index.html b/doc/tls-mirage/Tls_mirage/Make/index.html
new file mode 100644
index 00000000..9161ecf1
--- /dev/null
+++ b/doc/tls-mirage/Tls_mirage/Make/index.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Make (tls-mirage.Tls_mirage.Make)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls-mirage</a> &#x00BB; <a href="../index.html">Tls_mirage</a> &#x00BB; Make</nav><header class="odoc-preamble"><h1>Module <code><span>Tls_mirage.Make</span></code></h1><p>TLS module given a flow</p></header><nav class="odoc-toc"><ul><li><a href="#parameters">Parameters</a></li><li><a href="#signature">Signature</a></li></ul></nav><div class="odoc-content"><h2 id="parameters"><a href="#parameters" class="anchor"></a>Parameters</h2><div class="odoc-spec"><div class="spec parameter anchored" id="argument-1-F"><a href="#argument-1-F" class="anchor"></a><code><span><span class="keyword">module</span> </span><span>F</span><span> : <span class="xref-unresolved">Mirage_flow</span>.S</span></code></div></div><h2 id="signature"><a href="#signature" class="anchor"></a>Signature</h2><div class="odoc-spec"><div class="spec type anchored" id="type-error"><a href="#type-error" class="anchor"></a><code><span><span class="keyword">type</span> error</span><span> = </span><span>[ </span></code><ol><li id="type-error.Tls_alert" class="def variant constructor anchored"><a href="#type-error.Tls_alert" class="anchor"></a><code><span>| </span><span>`Tls_alert <span class="keyword">of</span> <a href="../../../tls/Tls/Packet/index.html#type-alert_type">Tls.Packet.alert_type</a></span></code></li><li id="type-error.Tls_failure" class="def variant constructor anchored"><a href="#type-error.Tls_failure" class="anchor"></a><code><span>| </span><span>`Tls_failure <span class="keyword">of</span> <a href="../../../tls/Tls/Engine/index.html#type-failure">Tls.Engine.failure</a></span></code></li><li id="type-error.Read" class="def variant constructor anchored"><a href="#type-error.Read" class="anchor"></a><code><span>| </span><span>`Read <span class="keyword">of</span> <span class="xref-unresolved">F</span>.error</span></code></li><li id="type-error.Write" class="def variant constructor anchored"><a href="#type-error.Write" class="anchor"></a><code><span>| </span><span>`Write <span class="keyword">of</span> <span class="xref-unresolved">F</span>.write_error</span></code></li></ol><code><span> ]</span></code></div><div class="spec-doc"><p>possible errors: incoming alert, processing failure, or a problem in the underlying flow.</p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-write_error"><a href="#type-write_error" class="anchor"></a><code><span><span class="keyword">type</span> write_error</span><span> = </span><span>[ </span></code><ol><li id="type-write_error.Closed" class="def variant constructor anchored"><a href="#type-write_error.Closed" class="anchor"></a><code><span>| </span><span>`Closed</span></code></li><li id="type-write_error.error" class="def variant type anchored"><a href="#type-write_error.error" class="anchor"></a><code><span>| </span><span><a href="#type-error">error</a></span></code></li></ol><code><span> ]</span></code></div><div class="spec-doc"><p>The type for write errors.</p></div></div><div class="odoc-include"><div class="spec-doc"><p>we provide the FLOW interface</p></div><details open="open"><summary class="spec include"><code><span><span class="keyword">include</span> <span class="xref-unresolved">Mirage_flow</span>.S
+  <span class="keyword">with</span> <span><span class="keyword">type</span> <span class="xref-unresolved">error</span> := <span class="xref-unresolved">error</span></span>
+   <span class="keyword">and</span> <span><span class="keyword">type</span> <span class="xref-unresolved">write_error</span> := <span class="xref-unresolved">write_error</span></span></span></code></summary><div class="odoc-spec"><div class="spec value anchored" id="val-pp_error"><a href="#val-pp_error" class="anchor"></a><code><span><span class="keyword">val</span> pp_error : <span><a href="#type-error">error</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_write_error"><a href="#val-pp_write_error" class="anchor"></a><code><span><span class="keyword">val</span> pp_write_error : <span><a href="#type-write_error">write_error</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-flow"><a href="#type-flow" class="anchor"></a><code><span><span class="keyword">type</span> flow</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-read"><a href="#val-read" class="anchor"></a><code><span><span class="keyword">val</span> read : <span><a href="#type-flow">flow</a> <span class="arrow">&#45;&gt;</span></span> <span><span><span>(<span><span class="xref-unresolved">Cstruct</span>.t <span class="xref-unresolved">Mirage_flow</span>.or_eof</span>, <a href="#type-error">error</a>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-write"><a href="#val-write" class="anchor"></a><code><span><span class="keyword">val</span> write : <span><a href="#type-flow">flow</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Cstruct</span>.t <span class="arrow">&#45;&gt;</span></span> <span><span><span>(unit, <a href="#type-write_error">write_error</a>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-writev"><a href="#val-writev" class="anchor"></a><code><span><span class="keyword">val</span> writev : <span><a href="#type-flow">flow</a> <span class="arrow">&#45;&gt;</span></span> <span><span><span class="xref-unresolved">Cstruct</span>.t list</span> <span class="arrow">&#45;&gt;</span></span> <span><span><span>(unit, <a href="#type-write_error">write_error</a>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-shutdown"><a href="#val-shutdown" class="anchor"></a><code><span><span class="keyword">val</span> shutdown : <span><a href="#type-flow">flow</a> <span class="arrow">&#45;&gt;</span></span> <span><span>[ `read <span>| `read_write</span> <span>| `write</span> ]</span> <span class="arrow">&#45;&gt;</span></span> <span>unit <span class="xref-unresolved">Lwt</span>.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-close"><a href="#val-close" class="anchor"></a><code><span><span class="keyword">val</span> close : <span><a href="#type-flow">flow</a> <span class="arrow">&#45;&gt;</span></span> <span>unit <span class="xref-unresolved">Lwt</span>.t</span></span></code></div></div></details></div><div class="odoc-spec"><div class="spec value anchored" id="val-underlying"><a href="#val-underlying" class="anchor"></a><code><span><span class="keyword">val</span> underlying : <span><a href="#type-flow">flow</a> <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">F</span>.flow</span></code></div><div class="spec-doc"><p><code>underlying t</code> returns the underlying flow. This is useful to extract information such as <code>src</code> and <code>dst</code> of that flow.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-reneg"><a href="#val-reneg" class="anchor"></a><code><span><span class="keyword">val</span> reneg : 
+  <span><span class="optlabel">?authenticator</span>:<span class="xref-unresolved">X509</span>.Authenticator.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?acceptable_cas</span>:<span><span class="xref-unresolved">X509</span>.Distinguished_name.t list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?cert</span>:<a href="../../../tls/Tls/Config/index.html#type-own_cert">Tls.Config.own_cert</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?drop</span>:bool <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-flow">flow</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>(unit, <span>[ <a href="#type-write_error">write_error</a> <span><span>| `Msg</span> of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>reneg ~authenticator ~acceptable_cas ~cert ~drop t</code> renegotiates the session, and blocks until the renegotiation finished. Optionally, a new <code>authenticator</code> and <code>acceptable_cas</code> can be used. The own certificate can be adjusted by <code>cert</code>. If <code>drop</code> is <code>true</code> (the default), application data received before the renegotiation finished is dropped.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-key_update"><a href="#val-key_update" class="anchor"></a><code><span><span class="keyword">val</span> key_update : 
+  <span><span class="optlabel">?request</span>:bool <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-flow">flow</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>(unit, <span>[ <a href="#type-write_error">write_error</a> <span><span>| `Msg</span> of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>key_update ~request t</code> updates the traffic key and requests a traffic key update from the peer if <code>request</code> is provided and <code>true</code> (the default). This is only supported in TLS 1.3.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-client_of_flow"><a href="#val-client_of_flow" class="anchor"></a><code><span><span class="keyword">val</span> client_of_flow : 
+  <span><a href="../../../tls/Tls/Config/index.html#type-client">Tls.Config.client</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?host</span>:<span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">F</span>.flow <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>(<a href="#type-flow">flow</a>, <a href="#type-write_error">write_error</a>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>client_of_flow client ~host flow</code> upgrades the existing connection to TLS using the <code>client</code> configuration, using <code>host</code> as peer name.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-server_of_flow"><a href="#val-server_of_flow" class="anchor"></a><code><span><span class="keyword">val</span> server_of_flow : 
+  <span><a href="../../../tls/Tls/Config/index.html#type-server">Tls.Config.server</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">F</span>.flow <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>(<a href="#type-flow">flow</a>, <a href="#type-write_error">write_error</a>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>server_of_flow server flow</code> upgrades the flow to a TLS connection using the <code>server</code> configuration.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-epoch"><a href="#val-epoch" class="anchor"></a><code><span><span class="keyword">val</span> epoch : <span><a href="#type-flow">flow</a> <span class="arrow">&#45;&gt;</span></span> <span><span>(<a href="../../../tls/Tls/Core/index.html#type-epoch_data">Tls.Core.epoch_data</a>, unit)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div><div class="spec-doc"><p><code>epoch flow</code> extracts information of the established session.</p></div></div></div></body></html>
diff --git a/doc/tls-mirage/Tls_mirage/X509/index.html b/doc/tls-mirage/Tls_mirage/X509/index.html
new file mode 100644
index 00000000..910c1d31
--- /dev/null
+++ b/doc/tls-mirage/Tls_mirage/X509/index.html
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>X509 (tls-mirage.Tls_mirage.X509)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls-mirage</a> &#x00BB; <a href="../index.html">Tls_mirage</a> &#x00BB; X509</nav><header class="odoc-preamble"><h1>Module <code><span>Tls_mirage.X509</span></code></h1><p>X.509 handling given a key value store and a clock</p></header><nav class="odoc-toc"><ul><li><a href="#parameters">Parameters</a></li><li><a href="#signature">Signature</a></li></ul></nav><div class="odoc-content"><h2 id="parameters"><a href="#parameters" class="anchor"></a>Parameters</h2><div class="odoc-spec"><div class="spec parameter anchored" id="argument-1-KV"><a href="#argument-1-KV" class="anchor"></a><code><span><span class="keyword">module</span> </span><span>KV</span><span> : <span class="xref-unresolved">Mirage_kv</span>.RO</span></code></div></div><div class="odoc-spec"><div class="spec parameter anchored" id="argument-2-C"><a href="#argument-2-C" class="anchor"></a><code><span><span class="keyword">module</span> </span><span>C</span><span> : <span class="xref-unresolved">Mirage_clock</span>.PCLOCK</span></code></div></div><h2 id="signature"><a href="#signature" class="anchor"></a>Signature</h2><div class="odoc-spec"><div class="spec value anchored" id="val-authenticator"><a href="#val-authenticator" class="anchor"></a><code><span><span class="keyword">val</span> authenticator : 
+  <span><span class="optlabel">?allowed_hashes</span>:<span><span class="xref-unresolved">Digestif</span>.hash' list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?crl</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">KV</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Authenticator.t <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>authenticator ~allowed_hashes ~crl store</code> creates an <code>authenticator</code>, using the given certificate authorities in the <code>store</code> as value for key &quot;ca_roots.crt&quot;. If <code>allowed_hashes</code> is provided, only these hash algorithms are allowed for signatures of the certificate chain. If <code>crl</code> is provided, the corresponding file is read and used as revocation list (DER encoded). Both options only apply if <code>`CAs</code> is used.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-certificate"><a href="#val-certificate" class="anchor"></a><code><span><span class="keyword">val</span> certificate : 
+  <span><span class="xref-unresolved">KV</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `Default <span><span>| `Name</span> of string</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../../../tls/Tls/Config/index.html#type-certchain">Tls.Config.certchain</a> <span class="xref-unresolved">Lwt</span>.t</span></span></code></div><div class="spec-doc"><p><code>certificate store typ</code> unmarshals a certificate chain and private key material from the <code>store</code>.</p></div></div></div></body></html>
diff --git a/doc/tls-mirage/Tls_mirage/index.html b/doc/tls-mirage/Tls_mirage/index.html
new file mode 100644
index 00000000..ae16221c
--- /dev/null
+++ b/doc/tls-mirage/Tls_mirage/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Tls_mirage (tls-mirage.Tls_mirage)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../index.html">tls-mirage</a> &#x00BB; Tls_mirage</nav><header class="odoc-preamble"><h1>Module <code><span>Tls_mirage</span></code></h1><p>Effectful operations using Mirage for pure TLS.</p></header><div class="odoc-content"><div class="odoc-spec"><div class="spec module anchored" id="module-Make"><a href="#module-Make" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Make/index.html">Make</a></span><span> (<a href="Make/index.html#argument-1-F">F</a> : <span class="xref-unresolved">Mirage_flow</span>.S) : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div><div class="spec-doc"><p>TLS module given a flow</p></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-X509"><a href="#module-X509" class="anchor"></a><code><span><span class="keyword">module</span> <a href="X509/index.html">X509</a></span><span> (<a href="X509/index.html#argument-1-KV">KV</a> : <span class="xref-unresolved">Mirage_kv</span>.RO) (<a href="X509/index.html#argument-2-C">C</a> : <span class="xref-unresolved">Mirage_clock</span>.PCLOCK) : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div><div class="spec-doc"><p>X.509 handling given a key value store and a clock</p></div></div></div></body></html>
diff --git a/doc/tls-mirage/index.html b/doc/tls-mirage/index.html
new file mode 100644
index 00000000..e2548bbe
--- /dev/null
+++ b/doc/tls-mirage/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>index (tls-mirage.index)</title><meta charset="utf-8"/><link rel="stylesheet" href="../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – tls-mirage</nav><header class="odoc-preamble"><h1 id="tls-mirage-index"><a href="#tls-mirage-index" class="anchor"></a>tls-mirage index</h1></header><nav class="odoc-toc"><ul><li><a href="#library-tls-mirage">Library tls-mirage</a></li></ul></nav><div class="odoc-content"><h2 id="library-tls-mirage"><a href="#library-tls-mirage" class="anchor"></a>Library tls-mirage</h2><p>The entry point of this library is the module: <a href="Tls_mirage/index.html"><code>Tls_mirage</code></a>.</p></div></body></html>
diff --git a/doc/tls/Tls/Ciphersuite/index.html b/doc/tls/Tls/Ciphersuite/index.html
new file mode 100644
index 00000000..5551c2b2
--- /dev/null
+++ b/doc/tls/Tls/Ciphersuite/index.html
@@ -0,0 +1,513 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Ciphersuite (tls.Tls.Ciphersuite)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Ciphersuite</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Ciphersuite</span></code></h1><p>Ciphersuite definitions and some helper functions.</p></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-key_exchange_algorithm_dhe"><a href="#type-key_exchange_algorithm_dhe" class="anchor"></a><code><span><span class="keyword">type</span> key_exchange_algorithm_dhe</span><span> = </span><span>[ </span></code><ol><li id="type-key_exchange_algorithm_dhe.FFDHE" class="def variant constructor anchored"><a href="#type-key_exchange_algorithm_dhe.FFDHE" class="anchor"></a><code><span>| </span><span>`FFDHE</span></code></li><li id="type-key_exchange_algorithm_dhe.ECDHE" class="def variant constructor anchored"><a href="#type-key_exchange_algorithm_dhe.ECDHE" class="anchor"></a><code><span>| </span><span>`ECDHE</span></code></li></ol><code><span> ]</span></code></div><div class="spec-doc"><p>sum type of all possible key exchange methods</p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-key_exchange_algorithm"><a href="#type-key_exchange_algorithm" class="anchor"></a><code><span><span class="keyword">type</span> key_exchange_algorithm</span><span> = </span><span>[ </span></code><ol><li id="type-key_exchange_algorithm.key_exchange_algorithm_dhe" class="def variant type anchored"><a href="#type-key_exchange_algorithm.key_exchange_algorithm_dhe" class="anchor"></a><code><span>| </span><span><a href="#type-key_exchange_algorithm_dhe">key_exchange_algorithm_dhe</a></span></code></li><li id="type-key_exchange_algorithm.RSA" class="def variant constructor anchored"><a href="#type-key_exchange_algorithm.RSA" class="anchor"></a><code><span>| </span><span>`RSA</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_key_exchange_algorithm_dhe"><a href="#val-pp_key_exchange_algorithm_dhe" class="anchor"></a><code><span><span class="keyword">val</span> pp_key_exchange_algorithm_dhe : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `ECDHE <span>| `FFDHE</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_key_exchange_algorithm"><a href="#val-pp_key_exchange_algorithm" class="anchor"></a><code><span><span class="keyword">val</span> pp_key_exchange_algorithm : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `ECDHE <span>| `FFDHE</span> <span>| `RSA</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-required_usage"><a href="#val-required_usage" class="anchor"></a><code><span><span class="keyword">val</span> required_usage : 
+  <span><span>[&lt; `ECDHE <span>| `FFDHE</span> <span>| `RSA</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>[&gt; `Digital_signature <span>| `Key_encipherment</span> ]</span></span></code></div><div class="spec-doc"><p><code>required_usage kex</code> is <code>usage</code> which a certificate must have if it is used in the given <code>kex</code> method</p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-block_cipher"><a href="#type-block_cipher" class="anchor"></a><code><span><span class="keyword">type</span> block_cipher</span><span> = </span></code><ol><li id="type-block_cipher.TRIPLE_DES_EDE_CBC" class="def variant constructor anchored"><a href="#type-block_cipher.TRIPLE_DES_EDE_CBC" class="anchor"></a><code><span>| </span><span><span class="constructor">TRIPLE_DES_EDE_CBC</span></span></code></li><li id="type-block_cipher.AES_128_CBC" class="def variant constructor anchored"><a href="#type-block_cipher.AES_128_CBC" class="anchor"></a><code><span>| </span><span><span class="constructor">AES_128_CBC</span></span></code></li><li id="type-block_cipher.AES_256_CBC" class="def variant constructor anchored"><a href="#type-block_cipher.AES_256_CBC" class="anchor"></a><code><span>| </span><span><span class="constructor">AES_256_CBC</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_block_cipher"><a href="#val-pp_block_cipher" class="anchor"></a><code><span><span class="keyword">val</span> pp_block_cipher : <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-block_cipher">block_cipher</a> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-aead_cipher"><a href="#type-aead_cipher" class="anchor"></a><code><span><span class="keyword">type</span> aead_cipher</span><span> = </span></code><ol><li id="type-aead_cipher.AES_128_CCM" class="def variant constructor anchored"><a href="#type-aead_cipher.AES_128_CCM" class="anchor"></a><code><span>| </span><span><span class="constructor">AES_128_CCM</span></span></code></li><li id="type-aead_cipher.AES_256_CCM" class="def variant constructor anchored"><a href="#type-aead_cipher.AES_256_CCM" class="anchor"></a><code><span>| </span><span><span class="constructor">AES_256_CCM</span></span></code></li><li id="type-aead_cipher.AES_128_GCM" class="def variant constructor anchored"><a href="#type-aead_cipher.AES_128_GCM" class="anchor"></a><code><span>| </span><span><span class="constructor">AES_128_GCM</span></span></code></li><li id="type-aead_cipher.AES_256_GCM" class="def variant constructor anchored"><a href="#type-aead_cipher.AES_256_GCM" class="anchor"></a><code><span>| </span><span><span class="constructor">AES_256_GCM</span></span></code></li><li id="type-aead_cipher.CHACHA20_POLY1305" class="def variant constructor anchored"><a href="#type-aead_cipher.CHACHA20_POLY1305" class="anchor"></a><code><span>| </span><span><span class="constructor">CHACHA20_POLY1305</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_aead_cipher"><a href="#val-pp_aead_cipher" class="anchor"></a><code><span><span class="keyword">val</span> pp_aead_cipher : <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-aead_cipher">aead_cipher</a> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-payload_protection13"><a href="#type-payload_protection13" class="anchor"></a><code><span><span class="keyword">type</span> payload_protection13</span><span> = </span><span>[ </span></code><ol><li id="type-payload_protection13.AEAD" class="def variant constructor anchored"><a href="#type-payload_protection13.AEAD" class="anchor"></a><code><span>| </span><span>`AEAD <span class="keyword">of</span> <a href="#type-aead_cipher">aead_cipher</a></span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_payload_protection13"><a href="#val-pp_payload_protection13" class="anchor"></a><code><span><span class="keyword">val</span> pp_payload_protection13 : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; <span>`AEAD of <a href="#type-aead_cipher">aead_cipher</a></span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-payload_protection"><a href="#type-payload_protection" class="anchor"></a><code><span><span class="keyword">type</span> payload_protection</span><span> = </span><span>[ </span></code><ol><li id="type-payload_protection.payload_protection13" class="def variant type anchored"><a href="#type-payload_protection.payload_protection13" class="anchor"></a><code><span>| </span><span><a href="#type-payload_protection13">payload_protection13</a></span></code></li><li id="type-payload_protection.Block" class="def variant constructor anchored"><a href="#type-payload_protection.Block" class="anchor"></a><code><span>| </span><span>`Block <span class="keyword">of</span> <a href="#type-block_cipher">block_cipher</a> * <span class="xref-unresolved">Digestif</span>.hash'</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_hash"><a href="#val-pp_hash" class="anchor"></a><code><span><span class="keyword">val</span> pp_hash : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `MD5 <span>| `SHA1</span> <span>| `SHA224</span> <span>| `SHA256</span> <span>| `SHA384</span> <span>| `SHA512</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_payload_protection"><a href="#val-pp_payload_protection" class="anchor"></a><code><span><span class="keyword">val</span> pp_payload_protection : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; <span>`AEAD of <a href="#type-aead_cipher">aead_cipher</a></span>
+  <span><span>| `Block</span> of
+    <a href="#type-block_cipher">block_cipher</a> * <span>[&lt; `MD5 <span>| `SHA1</span> <span>| `SHA224</span> <span>| `SHA256</span> <span>| `SHA384</span> <span>| `SHA512</span> ]</span></span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-kn_13"><a href="#val-kn_13" class="anchor"></a><code><span><span class="keyword">val</span> kn_13 : <span><a href="#type-aead_cipher">aead_cipher</a> <span class="arrow">&#45;&gt;</span></span> int * int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-key_length"><a href="#val-key_length" class="anchor"></a><code><span><span class="keyword">val</span> key_length : 
+  <span><span>unit option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; <span>`AEAD of <a href="#type-aead_cipher">aead_cipher</a></span> <span><span>| `Block</span> of <a href="#type-block_cipher">block_cipher</a> * <span class="xref-unresolved">Digestif</span>.hash'</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  int * int * int</span></code></div><div class="spec-doc"><p><code>key_length iv payload_protection</code> is <code>(key size, IV size, mac size)</code> where key IV, and mac sizes are the required bytes for the given <code>payload_protection</code></p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-ciphersuite13"><a href="#type-ciphersuite13" class="anchor"></a><code><span><span class="keyword">type</span> ciphersuite13</span><span> = </span><span>[ </span></code><ol><li id="type-ciphersuite13.AES_128_GCM_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite13.AES_128_GCM_SHA256" class="anchor"></a><code><span>| </span><span>`AES_128_GCM_SHA256</span></code></li><li id="type-ciphersuite13.AES_256_GCM_SHA384" class="def variant constructor anchored"><a href="#type-ciphersuite13.AES_256_GCM_SHA384" class="anchor"></a><code><span>| </span><span>`AES_256_GCM_SHA384</span></code></li><li id="type-ciphersuite13.CHACHA20_POLY1305_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite13.CHACHA20_POLY1305_SHA256" class="anchor"></a><code><span>| </span><span>`CHACHA20_POLY1305_SHA256</span></code></li><li id="type-ciphersuite13.AES_128_CCM_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite13.AES_128_CCM_SHA256" class="anchor"></a><code><span>| </span><span>`AES_128_CCM_SHA256</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-privprot13"><a href="#val-privprot13" class="anchor"></a><code><span><span class="keyword">val</span> privprot13 : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="#type-aead_cipher">aead_cipher</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-hash13"><a href="#val-hash13" class="anchor"></a><code><span><span class="keyword">val</span> hash13 : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>[&gt; `SHA256 <span>| `SHA384</span> ]</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-any_ciphersuite_to_ciphersuite13"><a href="#val-any_ciphersuite_to_ciphersuite13" class="anchor"></a><code><span><span class="keyword">val</span> any_ciphersuite_to_ciphersuite13 : 
+  <span><a href="../Packet/index.html#type-any_ciphersuite">Packet.any_ciphersuite</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&gt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span> ]</span>
+    option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-ciphersuite"><a href="#type-ciphersuite" class="anchor"></a><code><span><span class="keyword">type</span> ciphersuite</span><span> = </span><span>[ </span></code><ol><li id="type-ciphersuite.ciphersuite13" class="def variant type anchored"><a href="#type-ciphersuite.ciphersuite13" class="anchor"></a><code><span>| </span><span><a href="#type-ciphersuite13">ciphersuite13</a></span></code></li><li id="type-ciphersuite.DHE_RSA_WITH_AES_128_GCM_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite.DHE_RSA_WITH_AES_128_GCM_SHA256" class="anchor"></a><code><span>| </span><span>`DHE_RSA_WITH_AES_128_GCM_SHA256</span></code></li><li id="type-ciphersuite.DHE_RSA_WITH_AES_256_GCM_SHA384" class="def variant constructor anchored"><a href="#type-ciphersuite.DHE_RSA_WITH_AES_256_GCM_SHA384" class="anchor"></a><code><span>| </span><span>`DHE_RSA_WITH_AES_256_GCM_SHA384</span></code></li><li id="type-ciphersuite.DHE_RSA_WITH_AES_256_CCM" class="def variant constructor anchored"><a href="#type-ciphersuite.DHE_RSA_WITH_AES_256_CCM" class="anchor"></a><code><span>| </span><span>`DHE_RSA_WITH_AES_256_CCM</span></code></li><li id="type-ciphersuite.DHE_RSA_WITH_AES_128_CCM" class="def variant constructor anchored"><a href="#type-ciphersuite.DHE_RSA_WITH_AES_128_CCM" class="anchor"></a><code><span>| </span><span>`DHE_RSA_WITH_AES_128_CCM</span></code></li><li id="type-ciphersuite.DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite.DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" class="anchor"></a><code><span>| </span><span>`DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span></code></li><li id="type-ciphersuite.DHE_RSA_WITH_AES_256_CBC_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite.DHE_RSA_WITH_AES_256_CBC_SHA256" class="anchor"></a><code><span>| </span><span>`DHE_RSA_WITH_AES_256_CBC_SHA256</span></code></li><li id="type-ciphersuite.DHE_RSA_WITH_AES_128_CBC_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite.DHE_RSA_WITH_AES_128_CBC_SHA256" class="anchor"></a><code><span>| </span><span>`DHE_RSA_WITH_AES_128_CBC_SHA256</span></code></li><li id="type-ciphersuite.DHE_RSA_WITH_AES_256_CBC_SHA" class="def variant constructor anchored"><a href="#type-ciphersuite.DHE_RSA_WITH_AES_256_CBC_SHA" class="anchor"></a><code><span>| </span><span>`DHE_RSA_WITH_AES_256_CBC_SHA</span></code></li><li id="type-ciphersuite.DHE_RSA_WITH_AES_128_CBC_SHA" class="def variant constructor anchored"><a href="#type-ciphersuite.DHE_RSA_WITH_AES_128_CBC_SHA" class="anchor"></a><code><span>| </span><span>`DHE_RSA_WITH_AES_128_CBC_SHA</span></code></li><li id="type-ciphersuite.DHE_RSA_WITH_3DES_EDE_CBC_SHA" class="def variant constructor anchored"><a href="#type-ciphersuite.DHE_RSA_WITH_3DES_EDE_CBC_SHA" class="anchor"></a><code><span>| </span><span>`DHE_RSA_WITH_3DES_EDE_CBC_SHA</span></code></li><li id="type-ciphersuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256" class="anchor"></a><code><span>| </span><span>`ECDHE_RSA_WITH_AES_128_GCM_SHA256</span></code></li><li id="type-ciphersuite.ECDHE_RSA_WITH_AES_256_GCM_SHA384" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_RSA_WITH_AES_256_GCM_SHA384" class="anchor"></a><code><span>| </span><span>`ECDHE_RSA_WITH_AES_256_GCM_SHA384</span></code></li><li id="type-ciphersuite.ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" class="anchor"></a><code><span>| </span><span>`ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span></code></li><li id="type-ciphersuite.ECDHE_RSA_WITH_AES_256_CBC_SHA384" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_RSA_WITH_AES_256_CBC_SHA384" class="anchor"></a><code><span>| </span><span>`ECDHE_RSA_WITH_AES_256_CBC_SHA384</span></code></li><li id="type-ciphersuite.ECDHE_RSA_WITH_AES_128_CBC_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_RSA_WITH_AES_128_CBC_SHA256" class="anchor"></a><code><span>| </span><span>`ECDHE_RSA_WITH_AES_128_CBC_SHA256</span></code></li><li id="type-ciphersuite.ECDHE_RSA_WITH_AES_256_CBC_SHA" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_RSA_WITH_AES_256_CBC_SHA" class="anchor"></a><code><span>| </span><span>`ECDHE_RSA_WITH_AES_256_CBC_SHA</span></code></li><li id="type-ciphersuite.ECDHE_RSA_WITH_AES_128_CBC_SHA" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_RSA_WITH_AES_128_CBC_SHA" class="anchor"></a><code><span>| </span><span>`ECDHE_RSA_WITH_AES_128_CBC_SHA</span></code></li><li id="type-ciphersuite.ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" class="anchor"></a><code><span>| </span><span>`ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span></code></li><li id="type-ciphersuite.RSA_WITH_AES_256_CBC_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite.RSA_WITH_AES_256_CBC_SHA256" class="anchor"></a><code><span>| </span><span>`RSA_WITH_AES_256_CBC_SHA256</span></code></li><li id="type-ciphersuite.RSA_WITH_AES_128_CBC_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite.RSA_WITH_AES_128_CBC_SHA256" class="anchor"></a><code><span>| </span><span>`RSA_WITH_AES_128_CBC_SHA256</span></code></li><li id="type-ciphersuite.RSA_WITH_AES_256_CBC_SHA" class="def variant constructor anchored"><a href="#type-ciphersuite.RSA_WITH_AES_256_CBC_SHA" class="anchor"></a><code><span>| </span><span>`RSA_WITH_AES_256_CBC_SHA</span></code></li><li id="type-ciphersuite.RSA_WITH_AES_128_CBC_SHA" class="def variant constructor anchored"><a href="#type-ciphersuite.RSA_WITH_AES_128_CBC_SHA" class="anchor"></a><code><span>| </span><span>`RSA_WITH_AES_128_CBC_SHA</span></code></li><li id="type-ciphersuite.RSA_WITH_3DES_EDE_CBC_SHA" class="def variant constructor anchored"><a href="#type-ciphersuite.RSA_WITH_3DES_EDE_CBC_SHA" class="anchor"></a><code><span>| </span><span>`RSA_WITH_3DES_EDE_CBC_SHA</span></code></li><li id="type-ciphersuite.RSA_WITH_AES_128_GCM_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite.RSA_WITH_AES_128_GCM_SHA256" class="anchor"></a><code><span>| </span><span>`RSA_WITH_AES_128_GCM_SHA256</span></code></li><li id="type-ciphersuite.RSA_WITH_AES_256_GCM_SHA384" class="def variant constructor anchored"><a href="#type-ciphersuite.RSA_WITH_AES_256_GCM_SHA384" class="anchor"></a><code><span>| </span><span>`RSA_WITH_AES_256_GCM_SHA384</span></code></li><li id="type-ciphersuite.RSA_WITH_AES_256_CCM" class="def variant constructor anchored"><a href="#type-ciphersuite.RSA_WITH_AES_256_CCM" class="anchor"></a><code><span>| </span><span>`RSA_WITH_AES_256_CCM</span></code></li><li id="type-ciphersuite.RSA_WITH_AES_128_CCM" class="def variant constructor anchored"><a href="#type-ciphersuite.RSA_WITH_AES_128_CCM" class="anchor"></a><code><span>| </span><span>`RSA_WITH_AES_128_CCM</span></code></li><li id="type-ciphersuite.ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" class="anchor"></a><code><span>| </span><span>`ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span></code></li><li id="type-ciphersuite.ECDHE_ECDSA_WITH_AES_128_CBC_SHA" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_ECDSA_WITH_AES_128_CBC_SHA" class="anchor"></a><code><span>| </span><span>`ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span></code></li><li id="type-ciphersuite.ECDHE_ECDSA_WITH_AES_256_CBC_SHA" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_ECDSA_WITH_AES_256_CBC_SHA" class="anchor"></a><code><span>| </span><span>`ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span></code></li><li id="type-ciphersuite.ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" class="anchor"></a><code><span>| </span><span>`ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span></code></li><li id="type-ciphersuite.ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" class="anchor"></a><code><span>| </span><span>`ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span></code></li><li id="type-ciphersuite.ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" class="anchor"></a><code><span>| </span><span>`ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span></code></li><li id="type-ciphersuite.ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" class="anchor"></a><code><span>| </span><span>`ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span></code></li><li id="type-ciphersuite.ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" class="def variant constructor anchored"><a href="#type-ciphersuite.ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" class="anchor"></a><code><span>| </span><span>`ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ciphersuite_to_ciphersuite13"><a href="#val-ciphersuite_to_ciphersuite13" class="anchor"></a><code><span><span class="keyword">val</span> ciphersuite_to_ciphersuite13 : <span><a href="#type-ciphersuite">ciphersuite</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-ciphersuite13">ciphersuite13</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-any_ciphersuite_to_ciphersuite"><a href="#val-any_ciphersuite_to_ciphersuite" class="anchor"></a><code><span><span class="keyword">val</span> any_ciphersuite_to_ciphersuite : 
+  <span><a href="../Packet/index.html#type-any_ciphersuite">Packet.any_ciphersuite</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&gt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span>
+  <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CCM</span>
+  <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CCM</span>
+  <span>| `RSA_WITH_AES_256_GCM_SHA384</span> ]</span>
+    option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ciphersuite_to_any_ciphersuite"><a href="#val-ciphersuite_to_any_ciphersuite" class="anchor"></a><code><span><span class="keyword">val</span> ciphersuite_to_any_ciphersuite : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span>
+  <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CCM</span>
+  <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CCM</span>
+  <span>| `RSA_WITH_AES_256_GCM_SHA384</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="../Packet/index.html#type-any_ciphersuite">Packet.any_ciphersuite</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-get_keytype_kex_privprot"><a href="#val-get_keytype_kex_privprot" class="anchor"></a><code><span><span class="keyword">val</span> get_keytype_kex_privprot : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span>
+  <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CCM</span>
+  <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CCM</span>
+  <span>| `RSA_WITH_AES_256_GCM_SHA384</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>[&gt; `EC <span>| `RSA</span> ]</span>
+  * <span>[&gt; `ECDHE <span>| `FFDHE</span> <span>| `RSA</span> ]</span>
+  * <span>[&gt; <span>`AEAD of <a href="#type-aead_cipher">aead_cipher</a></span>
+    <span><span>| `Block</span> of <a href="#type-block_cipher">block_cipher</a> * <span>[&gt; `SHA1 <span>| `SHA256</span> <span>| `SHA384</span> ]</span></span> ]</span></span></code></div><div class="spec-doc"><p><code>get_kex_privprot ciphersuite</code> is <code>(kex, privacy_protection)</code> where it dissects the <code>ciphersuite</code> into a pair containing the key exchange method <code>kex</code>, and its <code>privacy_protection</code></p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ciphersuite_kex"><a href="#val-ciphersuite_kex" class="anchor"></a><code><span><span class="keyword">val</span> ciphersuite_kex : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span>
+  <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CCM</span>
+  <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CCM</span>
+  <span>| `RSA_WITH_AES_256_GCM_SHA384</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>[&gt; `ECDHE <span>| `FFDHE</span> <span>| `RSA</span> ]</span></span></code></div><div class="spec-doc"><p><code>ciphersuite_kex ciphersuite</code> is <code>kex</code>, first projection of <code>get_kex_privprot</code></p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ciphersuite_privprot"><a href="#val-ciphersuite_privprot" class="anchor"></a><code><span><span class="keyword">val</span> ciphersuite_privprot : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span>
+  <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CCM</span>
+  <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CCM</span>
+  <span>| `RSA_WITH_AES_256_GCM_SHA384</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>[&gt; <span>`AEAD of <a href="#type-aead_cipher">aead_cipher</a></span>
+  <span><span>| `Block</span> of <a href="#type-block_cipher">block_cipher</a> * <span>[&gt; `SHA1 <span>| `SHA256</span> <span>| `SHA384</span> ]</span></span> ]</span></span></code></div><div class="spec-doc"><p><code>ciphersuite_privprot ciphersuite</code> is <code>privprot</code>, second projection of <code>get_kex_privprot</code></p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ciphersuite_keytype"><a href="#val-ciphersuite_keytype" class="anchor"></a><code><span><span class="keyword">val</span> ciphersuite_keytype : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span>
+  <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CCM</span>
+  <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CCM</span>
+  <span>| `RSA_WITH_AES_256_GCM_SHA384</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>[&gt; `EC <span>| `RSA</span> ]</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_ciphersuite"><a href="#val-pp_ciphersuite" class="anchor"></a><code><span><span class="keyword">val</span> pp_ciphersuite : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span>
+  <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CCM</span>
+  <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CCM</span>
+  <span>| `RSA_WITH_AES_256_GCM_SHA384</span> AES_128_CCM_SHA256 AES_128_GCM_SHA256 AES_256_GCM_SHA384 CHACHA20_POLY1305_SHA256 ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_any_ciphersuite"><a href="#val-pp_any_ciphersuite" class="anchor"></a><code><span><span class="keyword">val</span> pp_any_ciphersuite : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Packet/index.html#type-any_ciphersuite">Packet.any_ciphersuite</a> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ciphersuite_fs"><a href="#val-ciphersuite_fs" class="anchor"></a><code><span><span class="keyword">val</span> ciphersuite_fs : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span>
+  <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CCM</span>
+  <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CCM</span>
+  <span>| `RSA_WITH_AES_256_GCM_SHA384</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ecdhe_only"><a href="#val-ecdhe_only" class="anchor"></a><code><span><span class="keyword">val</span> ecdhe_only : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span>
+  <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CCM</span>
+  <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CCM</span>
+  <span>| `RSA_WITH_AES_256_GCM_SHA384</span> AES_128_CCM_SHA256 AES_128_GCM_SHA256 AES_256_GCM_SHA384 CHACHA20_POLY1305_SHA256 ]</span> <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-dhe_only"><a href="#val-dhe_only" class="anchor"></a><code><span><span class="keyword">val</span> dhe_only : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span>
+  <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CCM</span>
+  <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CCM</span>
+  <span>| `RSA_WITH_AES_256_GCM_SHA384</span> AES_128_CCM_SHA256 AES_128_GCM_SHA256 AES_256_GCM_SHA384 CHACHA20_POLY1305_SHA256 ]</span> <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ecdhe"><a href="#val-ecdhe" class="anchor"></a><code><span><span class="keyword">val</span> ecdhe : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span>
+  <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CCM</span>
+  <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CCM</span>
+  <span>| `RSA_WITH_AES_256_GCM_SHA384</span> AES_128_CCM_SHA256 AES_128_GCM_SHA256 AES_256_GCM_SHA384 CHACHA20_POLY1305_SHA256 ]</span> <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ciphersuite_tls12_only"><a href="#val-ciphersuite_tls12_only" class="anchor"></a><code><span><span class="keyword">val</span> ciphersuite_tls12_only : 
+  <span><span>[&gt; `DHE_RSA_WITH_AES_128_CBC_SHA256
+  <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CCM</span>
+  <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CCM</span>
+  <span>| `RSA_WITH_AES_256_GCM_SHA384</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ciphersuite_tls13"><a href="#val-ciphersuite_tls13" class="anchor"></a><code><span><span class="keyword">val</span> ciphersuite_tls13 : <span><span>[&gt; <a href="#type-ciphersuite13">ciphersuite13</a> ]</span> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Config/Ciphers/index.html b/doc/tls/Tls/Config/Ciphers/index.html
new file mode 100644
index 00000000..0804037e
--- /dev/null
+++ b/doc/tls/Tls/Config/Ciphers/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Ciphers (tls.Tls.Config.Ciphers)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls</a> &#x00BB; <a href="../../index.html">Tls</a> &#x00BB; <a href="../index.html">Config</a> &#x00BB; Ciphers</nav><header class="odoc-preamble"><h1>Module <code><span>Config.Ciphers</span></code></h1><p>Cipher selection</p><p>Cipher selection related utilities.</p></header><nav class="odoc-toc"><ul><li><a href="#cipher-selection">Cipher selection</a></li></ul></nav><div class="odoc-content"><h2 id="cipher-selection"><a href="#cipher-selection" class="anchor"></a>Cipher selection</h2><div class="odoc-spec"><div class="spec value anchored" id="val-default"><a href="#val-default" class="anchor"></a><code><span><span class="keyword">val</span> default : <span><a href="../../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> list</span></span></code></div><div class="spec-doc"><p><code>default</code> is a list of ciphersuites this library uses by default.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-supported"><a href="#val-supported" class="anchor"></a><code><span><span class="keyword">val</span> supported : <span><a href="../../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> list</span></span></code></div><div class="spec-doc"><p><code>supported</code> is a list of ciphersuites this library supports (larger than <code>default</code>).</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-fs"><a href="#val-fs" class="anchor"></a><code><span><span class="keyword">val</span> fs : <span><a href="../../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> list</span></span></code></div><div class="spec-doc"><p><code>fs</code> is a list of ciphersuites which provide forward secrecy (sublist of <code>default</code>).</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-http2"><a href="#val-http2" class="anchor"></a><code><span><span class="keyword">val</span> http2 : <span><a href="../../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> list</span></span></code></div><div class="spec-doc"><p><code>http2</code> is a list of ciphersuites which are allowed to be used with HTTP2: not a member of <a href="https://httpwg.org/specs/rfc7540.html#BadCipherSuites">bad cipher suites</a>. These are only ephemeral key exchanges with AEAD ciphers.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-fs_of"><a href="#val-fs_of" class="anchor"></a><code><span><span class="keyword">val</span> fs_of : <span><span><a href="../../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> list</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="../../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> list</span></span></code></div><div class="spec-doc"><p><code>fs_of ciphers</code> selects all ciphersuites which provide forward secrecy from <code>ciphers</code>.</p></div></div></div></body></html>
diff --git a/doc/tls/Tls/Config/index.html b/doc/tls/Tls/Config/index.html
new file mode 100644
index 00000000..3110b7f3
--- /dev/null
+++ b/doc/tls/Tls/Config/index.html
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Config (tls.Tls.Config)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Config</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Config</span></code></h1><p>Configuration of the TLS stack</p></header><nav class="odoc-toc"><ul><li><a href="#config-type">Config type</a></li><li><a href="#constructors">Constructors</a></li><li><a href="#note-on-alpn-protocol-selection">Note on ALPN protocol selection</a></li><li><a href="#utility-functions">Utility functions</a></li><li><a href="#internal-use-only">Internal use only</a></li></ul></nav><div class="odoc-content"><h2 id="config-type"><a href="#config-type" class="anchor"></a>Config type</h2><div class="odoc-spec"><div class="spec type anchored" id="type-certchain"><a href="#type-certchain" class="anchor"></a><code><span><span class="keyword">type</span> certchain</span><span> = <span><span class="xref-unresolved">X509</span>.Certificate.t list</span> * <span class="xref-unresolved">X509</span>.Private_key.t</span></code></div><div class="spec-doc"><p>certificate chain and private key of the first certificate</p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-own_cert"><a href="#type-own_cert" class="anchor"></a><code><span><span class="keyword">type</span> own_cert</span><span> = </span><span>[ </span></code><ol><li id="type-own_cert.None" class="def variant constructor anchored"><a href="#type-own_cert.None" class="anchor"></a><code><span>| </span><span>`None</span></code></li><li id="type-own_cert.Single" class="def variant constructor anchored"><a href="#type-own_cert.Single" class="anchor"></a><code><span>| </span><span>`Single <span class="keyword">of</span> <a href="#type-certchain">certchain</a></span></code></li><li id="type-own_cert.Multiple" class="def variant constructor anchored"><a href="#type-own_cert.Multiple" class="anchor"></a><code><span>| </span><span>`Multiple <span class="keyword">of</span> <span><a href="#type-certchain">certchain</a> list</span></span></code></li><li id="type-own_cert.Multiple_default" class="def variant constructor anchored"><a href="#type-own_cert.Multiple_default" class="anchor"></a><code><span>| </span><span>`Multiple_default <span class="keyword">of</span> <a href="#type-certchain">certchain</a> * <span><a href="#type-certchain">certchain</a> list</span></span></code></li></ol><code><span> ]</span></code></div><div class="spec-doc"><p>polymorphic variant of own certificates</p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-session_cache"><a href="#type-session_cache" class="anchor"></a><code><span><span class="keyword">type</span> session_cache</span><span> = <span><a href="../Core/SessionID/index.html#type-t">Core.SessionID.t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="../Core/index.html#type-epoch_data">Core.epoch_data</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-ticket_cache"><a href="#type-ticket_cache" class="anchor"></a><code><span><span class="keyword">type</span> ticket_cache</span><span> = </span><span>{</span></code><ol><li id="type-ticket_cache.lookup" class="def record field anchored"><a href="#type-ticket_cache.lookup" class="anchor"></a><code><span>lookup : <span>string <span class="arrow">&#45;&gt;</span></span> <span><span>(<a href="../Core/index.html#type-psk13">Core.psk13</a> * <a href="../Core/index.html#type-epoch_data">Core.epoch_data</a>)</span> option</span>;</span></code></li><li id="type-ticket_cache.ticket_granted" class="def record field anchored"><a href="#type-ticket_cache.ticket_granted" class="anchor"></a><code><span>ticket_granted : <span><a href="../Core/index.html#type-psk13">Core.psk13</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="../Core/index.html#type-epoch_data">Core.epoch_data</a> <span class="arrow">&#45;&gt;</span></span> unit;</span></code></li><li id="type-ticket_cache.lifetime" class="def record field anchored"><a href="#type-ticket_cache.lifetime" class="anchor"></a><code><span>lifetime : int32;</span></code></li><li id="type-ticket_cache.timestamp" class="def record field anchored"><a href="#type-ticket_cache.timestamp" class="anchor"></a><code><span>timestamp : <span>unit <span class="arrow">&#45;&gt;</span></span> <span class="xref-unresolved">Ptime</span>.t;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-config"><a href="#type-config" class="anchor"></a><code><span><span class="keyword">type</span> config</span><span> = <span class="keyword">private</span> </span><span>{</span></code><ol><li id="type-config.ciphers" class="def record field anchored"><a href="#type-config.ciphers" class="anchor"></a><code><span>ciphers : <span><a href="../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> list</span>;</span></code><div class="def-doc"><span class="comment-delim">(*</span><p>ordered list (regarding preference) of supported cipher suites</p><span class="comment-delim">*)</span></div></li><li id="type-config.protocol_versions" class="def record field anchored"><a href="#type-config.protocol_versions" class="anchor"></a><code><span>protocol_versions : <a href="../Core/index.html#type-tls_version">Core.tls_version</a> * <a href="../Core/index.html#type-tls_version">Core.tls_version</a>;</span></code><div class="def-doc"><span class="comment-delim">(*</span><p>supported protocol versions (min, max)</p><span class="comment-delim">*)</span></div></li><li id="type-config.signature_algorithms" class="def record field anchored"><a href="#type-config.signature_algorithms" class="anchor"></a><code><span>signature_algorithms : <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span>;</span></code><div class="def-doc"><span class="comment-delim">(*</span><p>ordered list of supported signature algorithms (regarding preference)</p><span class="comment-delim">*)</span></div></li><li id="type-config.use_reneg" class="def record field anchored"><a href="#type-config.use_reneg" class="anchor"></a><code><span>use_reneg : bool;</span></code><div class="def-doc"><span class="comment-delim">(*</span><p>endpoint should accept renegotiation requests</p><span class="comment-delim">*)</span></div></li><li id="type-config.authenticator" class="def record field anchored"><a href="#type-config.authenticator" class="anchor"></a><code><span>authenticator : <span><span class="xref-unresolved">X509</span>.Authenticator.t option</span>;</span></code><div class="def-doc"><span class="comment-delim">(*</span><p>optional X509 authenticator</p><span class="comment-delim">*)</span></div></li><li id="type-config.peer_name" class="def record field anchored"><a href="#type-config.peer_name" class="anchor"></a><code><span>peer_name : <span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> option</span>;</span></code><div class="def-doc"><span class="comment-delim">(*</span><p>optional name of other endpoint (used for SNI RFC4366)</p><span class="comment-delim">*)</span></div></li><li id="type-config.own_certificates" class="def record field anchored"><a href="#type-config.own_certificates" class="anchor"></a><code><span>own_certificates : <a href="#type-own_cert">own_cert</a>;</span></code><div class="def-doc"><span class="comment-delim">(*</span><p>optional default certificate chain and other certificate chains</p><span class="comment-delim">*)</span></div></li><li id="type-config.acceptable_cas" class="def record field anchored"><a href="#type-config.acceptable_cas" class="anchor"></a><code><span>acceptable_cas : <span><span class="xref-unresolved">X509</span>.Distinguished_name.t list</span>;</span></code><div class="def-doc"><span class="comment-delim">(*</span><p>ordered list of acceptable certificate authorities</p><span class="comment-delim">*)</span></div></li><li id="type-config.session_cache" class="def record field anchored"><a href="#type-config.session_cache" class="anchor"></a><code><span>session_cache : <a href="#type-session_cache">session_cache</a>;</span></code></li><li id="type-config.ticket_cache" class="def record field anchored"><a href="#type-config.ticket_cache" class="anchor"></a><code><span>ticket_cache : <span><a href="#type-ticket_cache">ticket_cache</a> option</span>;</span></code></li><li id="type-config.cached_session" class="def record field anchored"><a href="#type-config.cached_session" class="anchor"></a><code><span>cached_session : <span><a href="../Core/index.html#type-epoch_data">Core.epoch_data</a> option</span>;</span></code></li><li id="type-config.cached_ticket" class="def record field anchored"><a href="#type-config.cached_ticket" class="anchor"></a><code><span>cached_ticket : <span><span>(<a href="../Core/index.html#type-psk13">Core.psk13</a> * <a href="../Core/index.html#type-epoch_data">Core.epoch_data</a>)</span> option</span>;</span></code></li><li id="type-config.alpn_protocols" class="def record field anchored"><a href="#type-config.alpn_protocols" class="anchor"></a><code><span>alpn_protocols : <span>string list</span>;</span></code><div class="def-doc"><span class="comment-delim">(*</span><p>optional ordered list of accepted alpn_protocols</p><span class="comment-delim">*)</span></div></li><li id="type-config.groups" class="def record field anchored"><a href="#type-config.groups" class="anchor"></a><code><span>groups : <span><a href="../Core/index.html#type-group">Core.group</a> list</span>;</span></code><div class="def-doc"><span class="comment-delim">(*</span><p>the first FFDHE will be used for TLS 1.2 and below if a DHE ciphersuite is used</p><span class="comment-delim">*)</span></div></li><li id="type-config.zero_rtt" class="def record field anchored"><a href="#type-config.zero_rtt" class="anchor"></a><code><span>zero_rtt : int32;</span></code></li><li id="type-config.ip" class="def record field anchored"><a href="#type-config.ip" class="anchor"></a><code><span>ip : <span><span class="xref-unresolved">Ipaddr</span>.t option</span>;</span></code></li></ol><code><span>}</span></code></div><div class="spec-doc"><p>configuration parameters</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ciphers13"><a href="#val-ciphers13" class="anchor"></a><code><span><span class="keyword">val</span> ciphers13 : <span><a href="#type-config">config</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="../Ciphersuite/index.html#type-ciphersuite13">Ciphersuite.ciphersuite13</a> list</span></span></code></div><div class="spec-doc"><p><code>ciphers13 config</code> are the ciphersuites for TLS 1.3 in the configuration.</p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-client"><a href="#type-client" class="anchor"></a><code><span><span class="keyword">type</span> client</span></code></div><div class="spec-doc"><p>opaque type of a client configuration</p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-server"><a href="#type-server" class="anchor"></a><code><span><span class="keyword">type</span> server</span></code></div><div class="spec-doc"><p>opaque type of a server configuration</p></div></div><h2 id="constructors"><a href="#constructors" class="anchor"></a>Constructors</h2><div class="odoc-spec"><div class="spec value anchored" id="val-client"><a href="#val-client" class="anchor"></a><code><span><span class="keyword">val</span> client : 
+  <span><span class="label">authenticator</span>:<span class="xref-unresolved">X509</span>.Authenticator.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?peer_name</span>:<span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?ciphers</span>:<span><a href="../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?version</span>:<span>(<a href="../Core/index.html#type-tls_version">Core.tls_version</a> * <a href="../Core/index.html#type-tls_version">Core.tls_version</a>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?signature_algorithms</span>:<span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?reneg</span>:bool <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?certificates</span>:<a href="#type-own_cert">own_cert</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?cached_session</span>:<a href="../Core/index.html#type-epoch_data">Core.epoch_data</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?cached_ticket</span>:<span>(<a href="../Core/index.html#type-psk13">Core.psk13</a> * <a href="../Core/index.html#type-epoch_data">Core.epoch_data</a>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?ticket_cache</span>:<a href="#type-ticket_cache">ticket_cache</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?alpn_protocols</span>:<span>string list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?groups</span>:<span><a href="../Core/index.html#type-group">Core.group</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?ip</span>:<span class="xref-unresolved">Ipaddr</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span>unit <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="#type-client">client</a>, <span>[&gt; <span>`Msg of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div><div class="spec-doc"><p><code>client authenticator ?peer_name ?ciphers ?version ?hashes ?reneg ?certificates ?alpn_protocols</code> is <code>client</code> configuration with the given parameters. Returns an error if the configuration is invalid.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-server"><a href="#val-server" class="anchor"></a><code><span><span class="keyword">val</span> server : 
+  <span><span class="optlabel">?ciphers</span>:<span><a href="../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?version</span>:<span>(<a href="../Core/index.html#type-tls_version">Core.tls_version</a> * <a href="../Core/index.html#type-tls_version">Core.tls_version</a>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?signature_algorithms</span>:<span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?reneg</span>:bool <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?certificates</span>:<a href="#type-own_cert">own_cert</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?acceptable_cas</span>:<span><span class="xref-unresolved">X509</span>.Distinguished_name.t list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?authenticator</span>:<span class="xref-unresolved">X509</span>.Authenticator.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?session_cache</span>:<a href="#type-session_cache">session_cache</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?ticket_cache</span>:<a href="#type-ticket_cache">ticket_cache</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?alpn_protocols</span>:<span>string list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?groups</span>:<span><a href="../Core/index.html#type-group">Core.group</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?zero_rtt</span>:int32 <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?ip</span>:<span class="xref-unresolved">Ipaddr</span>.t <span class="arrow">&#45;&gt;</span></span>
+  <span>unit <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="#type-server">server</a>, <span>[&gt; <span>`Msg of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div><div class="spec-doc"><p><code>server ?ciphers ?version ?hashes ?reneg ?certificates ?acceptable_cas ?authenticator ?alpn_protocols</code> is <code>server</code> configuration with the given parameters. Returns an error if the configuration is invalid.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-peer"><a href="#val-peer" class="anchor"></a><code><span><span class="keyword">val</span> peer : <span><a href="#type-client">client</a> <span class="arrow">&#45;&gt;</span></span> <span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> <span class="arrow">&#45;&gt;</span></span> <a href="#type-client">client</a></span></code></div><div class="spec-doc"><p><code>peer client name</code> is <code>client</code> with <code>name</code> as <code>peer_name</code></p></div></div><h2 id="note-on-alpn-protocol-selection"><a href="#note-on-alpn-protocol-selection" class="anchor"></a>Note on ALPN protocol selection</h2><p>Both <a href="#val-client"><code>client</code></a> and <a href="#val-server"><code>server</code></a> constructors accept an <code>alpn_protocols</code> list. The list for server should be given in a descending order of preference. In the case of protocol selection, the server will iterate its list and select the first element that the client's list also advertises.</p><p>For example, if the client advertises <code>[&quot;foo&quot;; &quot;bar&quot;; &quot;baz&quot;]</code> and the server has <code>[&quot;bar&quot;; &quot;foo&quot;]</code>, <code>&quot;bar&quot;</code> will be selected as the protocol of the handshake.</p><h2 id="utility-functions"><a href="#utility-functions" class="anchor"></a>Utility functions</h2><div class="odoc-spec"><div class="spec value anchored" id="val-default_signature_algorithms"><a href="#val-default_signature_algorithms" class="anchor"></a><code><span><span class="keyword">val</span> default_signature_algorithms : <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span></code></div><div class="spec-doc"><p><code>default_signature_algorithms</code> is a list of signature algorithms used by default</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-supported_signature_algorithms"><a href="#val-supported_signature_algorithms" class="anchor"></a><code><span><span class="keyword">val</span> supported_signature_algorithms : <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span></code></div><div class="spec-doc"><p><code>supported_signature_algorithms</code> is a list of supported signature algorithms by this library</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-min_dh_size"><a href="#val-min_dh_size" class="anchor"></a><code><span><span class="keyword">val</span> min_dh_size : int</span></code></div><div class="spec-doc"><p><code>min_dh_size</code> is minimal diffie hellman group size in bits (currently 1024)</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-supported_groups"><a href="#val-supported_groups" class="anchor"></a><code><span><span class="keyword">val</span> supported_groups : <span><a href="../Core/index.html#type-group">Core.group</a> list</span></span></code></div><div class="spec-doc"><p><code>supported_groups</code> are the Diffie-Hellman groups supported in this library.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-elliptic_curve"><a href="#val-elliptic_curve" class="anchor"></a><code><span><span class="keyword">val</span> elliptic_curve : <span><a href="../Core/index.html#type-group">Core.group</a> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div><div class="spec-doc"><p><code>elliptic_curve group</code> is <code>true</code> if group is an elliptic curve, <code>false</code> otherwise.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-min_rsa_key_size"><a href="#val-min_rsa_key_size" class="anchor"></a><code><span><span class="keyword">val</span> min_rsa_key_size : int</span></code></div><div class="spec-doc"><p><code>min_rsa_key_size</code> is minimal RSA modulus key size in bits (currently 1024)</p></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Ciphers"><a href="#module-Ciphers" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Ciphers/index.html">Ciphers</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div><div class="spec-doc"><p>Cipher selection</p></div></div><h2 id="internal-use-only"><a href="#internal-use-only" class="anchor"></a>Internal use only</h2><div class="odoc-spec"><div class="spec value anchored" id="val-of_client"><a href="#val-of_client" class="anchor"></a><code><span><span class="keyword">val</span> of_client : <span><a href="#type-client">client</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-config">config</a></span></code></div><div class="spec-doc"><p><code>of_client client</code> is a client configuration for <code>client</code></p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-of_server"><a href="#val-of_server" class="anchor"></a><code><span><span class="keyword">val</span> of_server : <span><a href="#type-server">server</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-config">config</a></span></code></div><div class="spec-doc"><p><code>of_server server</code> is a server configuration for <code>server</code></p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-with_authenticator"><a href="#val-with_authenticator" class="anchor"></a><code><span><span class="keyword">val</span> with_authenticator : <span><a href="#type-config">config</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">X509</span>.Authenticator.t <span class="arrow">&#45;&gt;</span></span> <a href="#type-config">config</a></span></code></div><div class="spec-doc"><p><code>with_authenticator config auth</code> is <code>config</code> with <code>auth</code> as <code>authenticator</code></p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-with_own_certificates"><a href="#val-with_own_certificates" class="anchor"></a><code><span><span class="keyword">val</span> with_own_certificates : <span><a href="#type-config">config</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-own_cert">own_cert</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-config">config</a></span></code></div><div class="spec-doc"><p><code>with_own_certificates config cert</code> is <code>config</code> with <code>cert</code> as <code>own_cert</code></p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-with_acceptable_cas"><a href="#val-with_acceptable_cas" class="anchor"></a><code><span><span class="keyword">val</span> with_acceptable_cas : <span><a href="#type-config">config</a> <span class="arrow">&#45;&gt;</span></span> <span><span><span class="xref-unresolved">X509</span>.Distinguished_name.t list</span> <span class="arrow">&#45;&gt;</span></span> <a href="#type-config">config</a></span></code></div><div class="spec-doc"><p><code>with_acceptable_cas config cas</code> is <code>config</code> with <code>cas</code> as <code>accepted_cas</code></p></div></div></div></body></html>
diff --git a/doc/tls/Tls/Core/PreSharedKeyID/index.html b/doc/tls/Tls/Core/PreSharedKeyID/index.html
new file mode 100644
index 00000000..dc525d1d
--- /dev/null
+++ b/doc/tls/Tls/Core/PreSharedKeyID/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>PreSharedKeyID (tls.Tls.Core.PreSharedKeyID)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls</a> &#x00BB; <a href="../../index.html">Tls</a> &#x00BB; <a href="../index.html">Core</a> &#x00BB; PreSharedKeyID</nav><header class="odoc-preamble"><h1>Module <code><span>Core.PreSharedKeyID</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-compare"><a href="#val-compare" class="anchor"></a><code><span><span class="keyword">val</span> compare : <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-hash"><a href="#val-hash" class="anchor"></a><code><span><span class="keyword">val</span> hash : <span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-equal"><a href="#val-equal" class="anchor"></a><code><span><span class="keyword">val</span> equal : <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Core/SessionID/index.html b/doc/tls/Tls/Core/SessionID/index.html
new file mode 100644
index 00000000..ea39ae46
--- /dev/null
+++ b/doc/tls/Tls/Core/SessionID/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>SessionID (tls.Tls.Core.SessionID)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls</a> &#x00BB; <a href="../../index.html">Tls</a> &#x00BB; <a href="../index.html">Core</a> &#x00BB; SessionID</nav><header class="odoc-preamble"><h1>Module <code><span>Core.SessionID</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-compare"><a href="#val-compare" class="anchor"></a><code><span><span class="keyword">val</span> compare : <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-hash"><a href="#val-hash" class="anchor"></a><code><span><span class="keyword">val</span> hash : <span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-equal"><a href="#val-equal" class="anchor"></a><code><span><span class="keyword">val</span> equal : <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Core/Tracing/index.html b/doc/tls/Tls/Core/Tracing/index.html
new file mode 100644
index 00000000..6ce50960
--- /dev/null
+++ b/doc/tls/Tls/Core/Tracing/index.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Tracing (tls.Tls.Core.Tracing)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls</a> &#x00BB; <a href="../../index.html">Tls</a> &#x00BB; <a href="../index.html">Core</a> &#x00BB; Tracing</nav><header class="odoc-preamble"><h1>Module <code><span>Core.Tracing</span></code></h1></header><div class="odoc-content"><div class="odoc-include"><details open="open"><summary class="spec include"><code><span><span class="keyword">include</span> <span class="xref-unresolved">Logs</span>.LOG</span></code></summary><div class="odoc-spec"><div class="spec value anchored" id="val-msg"><a href="#val-msg" class="anchor"></a><code><span><span class="keyword">val</span> msg : <span><span class="xref-unresolved">Logs</span>.level <span class="arrow">&#45;&gt;</span></span> <span><span class="type-var">'a</span> <span class="xref-unresolved">Logs</span>.log</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-app"><a href="#val-app" class="anchor"></a><code><span><span class="keyword">val</span> app : <span><span class="type-var">'a</span> <span class="xref-unresolved">Logs</span>.log</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-err"><a href="#val-err" class="anchor"></a><code><span><span class="keyword">val</span> err : <span><span class="type-var">'a</span> <span class="xref-unresolved">Logs</span>.log</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-warn"><a href="#val-warn" class="anchor"></a><code><span><span class="keyword">val</span> warn : <span><span class="type-var">'a</span> <span class="xref-unresolved">Logs</span>.log</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-info"><a href="#val-info" class="anchor"></a><code><span><span class="keyword">val</span> info : <span><span class="type-var">'a</span> <span class="xref-unresolved">Logs</span>.log</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-debug"><a href="#val-debug" class="anchor"></a><code><span><span class="keyword">val</span> debug : <span><span class="type-var">'a</span> <span class="xref-unresolved">Logs</span>.log</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-kmsg"><a href="#val-kmsg" class="anchor"></a><code><span><span class="keyword">val</span> kmsg : <span><span>(<span>unit <span class="arrow">&#45;&gt;</span></span> <span class="type-var">'b</span>)</span> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Logs</span>.level <span class="arrow">&#45;&gt;</span></span> <span><span><span>(<span class="type-var">'a</span>, <span class="type-var">'b</span>)</span> <span class="xref-unresolved">Logs</span>.msgf</span> <span class="arrow">&#45;&gt;</span></span> <span class="type-var">'b</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-on_error"><a href="#val-on_error" class="anchor"></a><code><span><span class="keyword">val</span> on_error : 
+  <span><span class="optlabel">?level</span>:<span class="xref-unresolved">Logs</span>.level <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?header</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?tags</span>:<span class="xref-unresolved">Logs</span>.Tag.set <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">pp</span>:<span>(<span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span> <span><span class="type-var">'b</span> <span class="arrow">&#45;&gt;</span></span> unit)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">use</span>:<span>(<span><span class="type-var">'b</span> <span class="arrow">&#45;&gt;</span></span> <span class="type-var">'a</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>(<span class="type-var">'a</span>, <span class="type-var">'b</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="arrow">&#45;&gt;</span></span>
+  <span class="type-var">'a</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-on_error_msg"><a href="#val-on_error_msg" class="anchor"></a><code><span><span class="keyword">val</span> on_error_msg : 
+  <span><span class="optlabel">?level</span>:<span class="xref-unresolved">Logs</span>.level <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?header</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?tags</span>:<span class="xref-unresolved">Logs</span>.Tag.set <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">use</span>:<span>(<span>unit <span class="arrow">&#45;&gt;</span></span> <span class="type-var">'a</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>(<span class="type-var">'a</span>, <span>[ <span>`Msg of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="arrow">&#45;&gt;</span></span>
+  <span class="type-var">'a</span></span></code></div></div></details></div><div class="odoc-spec"><div class="spec value anchored" id="val-cs"><a href="#val-cs" class="anchor"></a><code><span><span class="keyword">val</span> cs : <span><span class="label">tag</span>:string <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-hs"><a href="#val-hs" class="anchor"></a><code><span><span class="keyword">val</span> hs : <span><span class="label">tag</span>:string <span class="arrow">&#45;&gt;</span></span> <span><a href="../index.html#type-tls_handshake">tls_handshake</a> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Core/index.html b/doc/tls/Tls/Core/index.html
new file mode 100644
index 00000000..5ca15e5a
--- /dev/null
+++ b/doc/tls/Tls/Core/index.html
@@ -0,0 +1,187 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Core (tls.Tls.Core)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Core</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Core</span></code></h1><p>Core type definitions</p></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-let*"><a href="#val-let*" class="anchor"></a><code><span><span class="keyword">val</span> let* : 
+  <span><span><span>(<span class="type-var">'a</span>, <span class="type-var">'b</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span> <span><span>(<span class="type-var">'c</span>, <span class="type-var">'b</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span class="type-var">'c</span>, <span class="type-var">'b</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-guard"><a href="#val-guard" class="anchor"></a><code><span><span class="keyword">val</span> guard : <span>bool <span class="arrow">&#45;&gt;</span></span> <span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span> <span><span>(unit, <span class="type-var">'b</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-split_str"><a href="#val-split_str" class="anchor"></a><code><span><span class="keyword">val</span> split_str : <span><span class="optlabel">?start</span>:int <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <span>int <span class="arrow">&#45;&gt;</span></span> string * string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-map_reader_error"><a href="#val-map_reader_error" class="anchor"></a><code><span><span class="keyword">val</span> map_reader_error : 
+  <span><span><span>(<span class="type-var">'a</span>, <span class="type-var">'b</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span class="type-var">'a</span>, <span>[&gt; <span>`Fatal of <span class="type-var">'b</span></span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-tls13"><a href="#type-tls13" class="anchor"></a><code><span><span class="keyword">type</span> tls13</span><span> = </span><span>[ </span></code><ol><li id="type-tls13.TLS_1_3" class="def variant constructor anchored"><a href="#type-tls13.TLS_1_3" class="anchor"></a><code><span>| </span><span>`TLS_1_3</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_tls13"><a href="#val-pp_tls13" class="anchor"></a><code><span><span class="keyword">val</span> pp_tls13 : <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span> <span><span>[&lt; `TLS_1_3 ]</span> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-tls_before_13"><a href="#type-tls_before_13" class="anchor"></a><code><span><span class="keyword">type</span> tls_before_13</span><span> = </span><span>[ </span></code><ol><li id="type-tls_before_13.TLS_1_0" class="def variant constructor anchored"><a href="#type-tls_before_13.TLS_1_0" class="anchor"></a><code><span>| </span><span>`TLS_1_0</span></code></li><li id="type-tls_before_13.TLS_1_1" class="def variant constructor anchored"><a href="#type-tls_before_13.TLS_1_1" class="anchor"></a><code><span>| </span><span>`TLS_1_1</span></code></li><li id="type-tls_before_13.TLS_1_2" class="def variant constructor anchored"><a href="#type-tls_before_13.TLS_1_2" class="anchor"></a><code><span>| </span><span>`TLS_1_2</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_tls_before_13"><a href="#val-pp_tls_before_13" class="anchor"></a><code><span><span class="keyword">val</span> pp_tls_before_13 : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-tls_version"><a href="#type-tls_version" class="anchor"></a><code><span><span class="keyword">type</span> tls_version</span><span> = </span><span>[ </span></code><ol><li id="type-tls_version.tls13" class="def variant type anchored"><a href="#type-tls_version.tls13" class="anchor"></a><code><span>| </span><span><a href="#type-tls13">tls13</a></span></code></li><li id="type-tls_version.tls_before_13" class="def variant type anchored"><a href="#type-tls_version.tls_before_13" class="anchor"></a><code><span>| </span><span><a href="#type-tls_before_13">tls_before_13</a></span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_tls_version"><a href="#val-pp_tls_version" class="anchor"></a><code><span><span class="keyword">val</span> pp_tls_version : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pair_of_tls_version"><a href="#val-pair_of_tls_version" class="anchor"></a><code><span><span class="keyword">val</span> pair_of_tls_version : 
+  <span><span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  int * int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-compare_tls_version"><a href="#val-compare_tls_version" class="anchor"></a><code><span><span class="keyword">val</span> compare_tls_version : 
+  <span><span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-next"><a href="#val-next" class="anchor"></a><code><span><span class="keyword">val</span> next : 
+  <span><span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&gt; `TLS_1_1 <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-all_versions"><a href="#val-all_versions" class="anchor"></a><code><span><span class="keyword">val</span> all_versions : 
+  <span><span>(<span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> TLS_1_1 TLS_1_2 TLS_1_3 ]</span> <span class="keyword">as</span> 'a
+   * <span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="type-var">'b</span> list</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-tls_version_of_pair"><a href="#val-tls_version_of_pair" class="anchor"></a><code><span><span class="keyword">val</span> tls_version_of_pair : 
+  <span><span>(int * int)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&gt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-tls_any_version"><a href="#type-tls_any_version" class="anchor"></a><code><span><span class="keyword">type</span> tls_any_version</span><span> = </span><span>[ </span></code><ol><li id="type-tls_any_version.tls_version" class="def variant type anchored"><a href="#type-tls_any_version.tls_version" class="anchor"></a><code><span>| </span><span><a href="#type-tls_version">tls_version</a></span></code></li><li id="type-tls_any_version.SSL_3" class="def variant constructor anchored"><a href="#type-tls_any_version.SSL_3" class="anchor"></a><code><span>| </span><span>`SSL_3</span></code></li><li id="type-tls_any_version.TLS_1_X" class="def variant constructor anchored"><a href="#type-tls_any_version.TLS_1_X" class="anchor"></a><code><span>| </span><span>`TLS_1_X <span class="keyword">of</span> int</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_tls_any_version"><a href="#val-pp_tls_any_version" class="anchor"></a><code><span><span class="keyword">val</span> pp_tls_any_version : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `SSL_3 <span>| `TLS_1_0</span> <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> <span><span>| `TLS_1_X</span> of int</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-any_version_to_version"><a href="#val-any_version_to_version" class="anchor"></a><code><span><span class="keyword">val</span> any_version_to_version : 
+  <span><span>[&gt; <a href="#type-tls_version">tls_version</a> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&gt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-version_eq"><a href="#val-version_eq" class="anchor"></a><code><span><span class="keyword">val</span> version_eq : 
+  <span><span>[&gt; <a href="#type-tls_version">tls_version</a> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-version_ge"><a href="#val-version_ge" class="anchor"></a><code><span><span class="keyword">val</span> version_ge : 
+  <span><span>[&lt; `SSL_3 <span>| `TLS_1_0</span> <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> <span><span>| `TLS_1_X</span> of <span class="type-var">'a</span></span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-tls_any_version_of_pair"><a href="#val-tls_any_version_of_pair" class="anchor"></a><code><span><span class="keyword">val</span> tls_any_version_of_pair : 
+  <span><span>(int * int)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&gt; `SSL_3 <span>| `TLS_1_0</span> <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> <span><span>| `TLS_1_X</span> of int</span> ]</span>
+    option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pair_of_tls_any_version"><a href="#val-pair_of_tls_any_version" class="anchor"></a><code><span><span class="keyword">val</span> pair_of_tls_any_version : 
+  <span><span>[&lt; `SSL_3 <span>| `TLS_1_0</span> <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> <span><span>| `TLS_1_X</span> of int</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  int * int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-max_protocol_version"><a href="#val-max_protocol_version" class="anchor"></a><code><span><span class="keyword">val</span> max_protocol_version : <span><span>(<span class="type-var">'a</span> * <span class="type-var">'b</span>)</span> <span class="arrow">&#45;&gt;</span></span> <span class="type-var">'c</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-min_protocol_version"><a href="#val-min_protocol_version" class="anchor"></a><code><span><span class="keyword">val</span> min_protocol_version : <span><span>(<span class="type-var">'a</span> * <span class="type-var">'b</span>)</span> <span class="arrow">&#45;&gt;</span></span> <span class="type-var">'c</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-tls_hdr"><a href="#type-tls_hdr" class="anchor"></a><code><span><span class="keyword">type</span> tls_hdr</span><span> = </span><span>{</span></code><ol><li id="type-tls_hdr.content_type" class="def record field anchored"><a href="#type-tls_hdr.content_type" class="anchor"></a><code><span>content_type : <a href="../Packet/index.html#type-content_type">Packet.content_type</a>;</span></code></li><li id="type-tls_hdr.version" class="def record field anchored"><a href="#type-tls_hdr.version" class="anchor"></a><code><span>version : <a href="#type-tls_any_version">tls_any_version</a>;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_tls_hdr"><a href="#val-pp_tls_hdr" class="anchor"></a><code><span><span class="keyword">val</span> pp_tls_hdr : <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-tls_hdr">tls_hdr</a> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-SessionID"><a href="#module-SessionID" class="anchor"></a><code><span><span class="keyword">module</span> <a href="SessionID/index.html">SessionID</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-PreSharedKeyID"><a href="#module-PreSharedKeyID" class="anchor"></a><code><span><span class="keyword">module</span> <a href="PreSharedKeyID/index.html">PreSharedKeyID</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-psk_identity"><a href="#type-psk_identity" class="anchor"></a><code><span><span class="keyword">type</span> psk_identity</span><span> = <span>(string * int32)</span> * string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-binders_len"><a href="#val-binders_len" class="anchor"></a><code><span><span class="keyword">val</span> binders_len : <span><span><span>(<span class="type-var">'a</span> * string)</span> list</span> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-group"><a href="#type-group" class="anchor"></a><code><span><span class="keyword">type</span> group</span><span> = </span><span>[ </span></code><ol><li id="type-group.FFDHE2048" class="def variant constructor anchored"><a href="#type-group.FFDHE2048" class="anchor"></a><code><span>| </span><span>`FFDHE2048</span></code></li><li id="type-group.FFDHE3072" class="def variant constructor anchored"><a href="#type-group.FFDHE3072" class="anchor"></a><code><span>| </span><span>`FFDHE3072</span></code></li><li id="type-group.FFDHE4096" class="def variant constructor anchored"><a href="#type-group.FFDHE4096" class="anchor"></a><code><span>| </span><span>`FFDHE4096</span></code></li><li id="type-group.FFDHE6144" class="def variant constructor anchored"><a href="#type-group.FFDHE6144" class="anchor"></a><code><span>| </span><span>`FFDHE6144</span></code></li><li id="type-group.FFDHE8192" class="def variant constructor anchored"><a href="#type-group.FFDHE8192" class="anchor"></a><code><span>| </span><span>`FFDHE8192</span></code></li><li id="type-group.X25519" class="def variant constructor anchored"><a href="#type-group.X25519" class="anchor"></a><code><span>| </span><span>`X25519</span></code></li><li id="type-group.P256" class="def variant constructor anchored"><a href="#type-group.P256" class="anchor"></a><code><span>| </span><span>`P256</span></code></li><li id="type-group.P384" class="def variant constructor anchored"><a href="#type-group.P384" class="anchor"></a><code><span>| </span><span>`P384</span></code></li><li id="type-group.P521" class="def variant constructor anchored"><a href="#type-group.P521" class="anchor"></a><code><span>| </span><span>`P521</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_group"><a href="#val-pp_group" class="anchor"></a><code><span><span class="keyword">val</span> pp_group : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `FFDHE2048
+  <span>| `FFDHE3072</span>
+  <span>| `FFDHE4096</span>
+  <span>| `FFDHE6144</span>
+  <span>| `FFDHE8192</span>
+  <span>| `P256</span>
+  <span>| `P384</span>
+  <span>| `P521</span>
+  <span>| `X25519</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-named_group_to_group"><a href="#val-named_group_to_group" class="anchor"></a><code><span><span class="keyword">val</span> named_group_to_group : 
+  <span><a href="../Packet/index.html#type-named_group">Packet.named_group</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&gt; `FFDHE2048
+  <span>| `FFDHE3072</span>
+  <span>| `FFDHE4096</span>
+  <span>| `FFDHE6144</span>
+  <span>| `FFDHE8192</span>
+  <span>| `P256</span>
+  <span>| `P384</span>
+  <span>| `P521</span>
+  <span>| `X25519</span> ]</span>
+    option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-group_to_named_group"><a href="#val-group_to_named_group" class="anchor"></a><code><span><span class="keyword">val</span> group_to_named_group : 
+  <span><span>[&lt; `FFDHE2048
+  <span>| `FFDHE3072</span>
+  <span>| `FFDHE4096</span>
+  <span>| `FFDHE6144</span>
+  <span>| `FFDHE8192</span>
+  <span>| `P256</span>
+  <span>| `P384</span>
+  <span>| `P521</span>
+  <span>| `X25519</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="../Packet/index.html#type-named_group">Packet.named_group</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-group_to_impl"><a href="#val-group_to_impl" class="anchor"></a><code><span><span class="keyword">val</span> group_to_impl : 
+  <span><span>[&lt; `FFDHE2048
+  <span>| `FFDHE3072</span>
+  <span>| `FFDHE4096</span>
+  <span>| `FFDHE6144</span>
+  <span>| `FFDHE8192</span>
+  <span>| `P256</span>
+  <span>| `P384</span>
+  <span>| `P521</span>
+  <span>| `X25519</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>[&gt; <span>`Finite_field of <span class="xref-unresolved">Mirage_crypto_pk</span>.Dh.group</span>
+  <span>| `P256</span>
+  <span>| `P384</span>
+  <span>| `P521</span>
+  <span>| `X25519</span> ]</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-signature_algorithm"><a href="#type-signature_algorithm" class="anchor"></a><code><span><span class="keyword">type</span> signature_algorithm</span><span> = </span><span>[ </span></code><ol><li id="type-signature_algorithm.RSA_PKCS1_MD5" class="def variant constructor anchored"><a href="#type-signature_algorithm.RSA_PKCS1_MD5" class="anchor"></a><code><span>| </span><span>`RSA_PKCS1_MD5</span></code></li><li id="type-signature_algorithm.RSA_PKCS1_SHA1" class="def variant constructor anchored"><a href="#type-signature_algorithm.RSA_PKCS1_SHA1" class="anchor"></a><code><span>| </span><span>`RSA_PKCS1_SHA1</span></code></li><li id="type-signature_algorithm.RSA_PKCS1_SHA224" class="def variant constructor anchored"><a href="#type-signature_algorithm.RSA_PKCS1_SHA224" class="anchor"></a><code><span>| </span><span>`RSA_PKCS1_SHA224</span></code></li><li id="type-signature_algorithm.RSA_PKCS1_SHA256" class="def variant constructor anchored"><a href="#type-signature_algorithm.RSA_PKCS1_SHA256" class="anchor"></a><code><span>| </span><span>`RSA_PKCS1_SHA256</span></code></li><li id="type-signature_algorithm.RSA_PKCS1_SHA384" class="def variant constructor anchored"><a href="#type-signature_algorithm.RSA_PKCS1_SHA384" class="anchor"></a><code><span>| </span><span>`RSA_PKCS1_SHA384</span></code></li><li id="type-signature_algorithm.RSA_PKCS1_SHA512" class="def variant constructor anchored"><a href="#type-signature_algorithm.RSA_PKCS1_SHA512" class="anchor"></a><code><span>| </span><span>`RSA_PKCS1_SHA512</span></code></li><li id="type-signature_algorithm.ECDSA_SECP256R1_SHA1" class="def variant constructor anchored"><a href="#type-signature_algorithm.ECDSA_SECP256R1_SHA1" class="anchor"></a><code><span>| </span><span>`ECDSA_SECP256R1_SHA1</span></code></li><li id="type-signature_algorithm.ECDSA_SECP256R1_SHA256" class="def variant constructor anchored"><a href="#type-signature_algorithm.ECDSA_SECP256R1_SHA256" class="anchor"></a><code><span>| </span><span>`ECDSA_SECP256R1_SHA256</span></code></li><li id="type-signature_algorithm.ECDSA_SECP384R1_SHA384" class="def variant constructor anchored"><a href="#type-signature_algorithm.ECDSA_SECP384R1_SHA384" class="anchor"></a><code><span>| </span><span>`ECDSA_SECP384R1_SHA384</span></code></li><li id="type-signature_algorithm.ECDSA_SECP521R1_SHA512" class="def variant constructor anchored"><a href="#type-signature_algorithm.ECDSA_SECP521R1_SHA512" class="anchor"></a><code><span>| </span><span>`ECDSA_SECP521R1_SHA512</span></code></li><li id="type-signature_algorithm.RSA_PSS_RSAENC_SHA256" class="def variant constructor anchored"><a href="#type-signature_algorithm.RSA_PSS_RSAENC_SHA256" class="anchor"></a><code><span>| </span><span>`RSA_PSS_RSAENC_SHA256</span></code></li><li id="type-signature_algorithm.RSA_PSS_RSAENC_SHA384" class="def variant constructor anchored"><a href="#type-signature_algorithm.RSA_PSS_RSAENC_SHA384" class="anchor"></a><code><span>| </span><span>`RSA_PSS_RSAENC_SHA384</span></code></li><li id="type-signature_algorithm.RSA_PSS_RSAENC_SHA512" class="def variant constructor anchored"><a href="#type-signature_algorithm.RSA_PSS_RSAENC_SHA512" class="anchor"></a><code><span>| </span><span>`RSA_PSS_RSAENC_SHA512</span></code></li><li id="type-signature_algorithm.ED25519" class="def variant constructor anchored"><a href="#type-signature_algorithm.ED25519" class="anchor"></a><code><span>| </span><span>`ED25519</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-hash_of_signature_algorithm"><a href="#val-hash_of_signature_algorithm" class="anchor"></a><code><span><span class="keyword">val</span> hash_of_signature_algorithm : 
+  <span><span>[&lt; `ECDSA_SECP256R1_SHA1
+  <span>| `ECDSA_SECP256R1_SHA256</span>
+  <span>| `ECDSA_SECP384R1_SHA384</span>
+  <span>| `ECDSA_SECP521R1_SHA512</span>
+  <span>| `ED25519</span>
+  <span>| `RSA_PKCS1_MD5</span>
+  <span>| `RSA_PKCS1_SHA1</span>
+  <span>| `RSA_PKCS1_SHA224</span>
+  <span>| `RSA_PKCS1_SHA256</span>
+  <span>| `RSA_PKCS1_SHA384</span>
+  <span>| `RSA_PKCS1_SHA512</span>
+  <span>| `RSA_PSS_RSAENC_SHA256</span>
+  <span>| `RSA_PSS_RSAENC_SHA384</span>
+  <span>| `RSA_PSS_RSAENC_SHA512</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>[&gt; `MD5 <span>| `SHA1</span> <span>| `SHA224</span> <span>| `SHA256</span> <span>| `SHA384</span> <span>| `SHA512</span> ]</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-signature_scheme_of_signature_algorithm"><a href="#val-signature_scheme_of_signature_algorithm" class="anchor"></a><code><span><span class="keyword">val</span> signature_scheme_of_signature_algorithm : 
+  <span><span>[&lt; `ECDSA_SECP256R1_SHA1
+  <span>| `ECDSA_SECP256R1_SHA256</span>
+  <span>| `ECDSA_SECP384R1_SHA384</span>
+  <span>| `ECDSA_SECP521R1_SHA512</span>
+  <span>| `ED25519</span>
+  <span>| `RSA_PKCS1_MD5</span>
+  <span>| `RSA_PKCS1_SHA1</span>
+  <span>| `RSA_PKCS1_SHA224</span>
+  <span>| `RSA_PKCS1_SHA256</span>
+  <span>| `RSA_PKCS1_SHA384</span>
+  <span>| `RSA_PKCS1_SHA512</span>
+  <span>| `RSA_PSS_RSAENC_SHA256</span>
+  <span>| `RSA_PSS_RSAENC_SHA384</span>
+  <span>| `RSA_PSS_RSAENC_SHA512</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>[&gt; `ECDSA <span>| `ED25519</span> <span>| `RSA_PKCS1</span> <span>| `RSA_PSS</span> ]</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_signature_algorithm"><a href="#val-pp_signature_algorithm" class="anchor"></a><code><span><span class="keyword">val</span> pp_signature_algorithm : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `ECDSA_SECP256R1_SHA1
+  <span>| `ECDSA_SECP256R1_SHA256</span>
+  <span>| `ECDSA_SECP384R1_SHA384</span>
+  <span>| `ECDSA_SECP521R1_SHA512</span>
+  <span>| `ED25519</span>
+  <span>| `RSA_PKCS1_MD5</span>
+  <span>| `RSA_PKCS1_SHA1</span>
+  <span>| `RSA_PKCS1_SHA224</span>
+  <span>| `RSA_PKCS1_SHA256</span>
+  <span>| `RSA_PKCS1_SHA384</span>
+  <span>| `RSA_PKCS1_SHA512</span>
+  <span>| `RSA_PSS_RSAENC_SHA256</span>
+  <span>| `RSA_PSS_RSAENC_SHA384</span>
+  <span>| `RSA_PSS_RSAENC_SHA512</span> ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-rsa_sigalg"><a href="#val-rsa_sigalg" class="anchor"></a><code><span><span class="keyword">val</span> rsa_sigalg : 
+  <span><span>[&lt; `ECDSA_SECP256R1_SHA1
+  <span>| `ECDSA_SECP256R1_SHA256</span>
+  <span>| `ECDSA_SECP384R1_SHA384</span>
+  <span>| `ECDSA_SECP521R1_SHA512</span>
+  <span>| `ED25519</span>
+  <span>| `RSA_PKCS1_MD5</span>
+  <span>| `RSA_PKCS1_SHA1</span>
+  <span>| `RSA_PKCS1_SHA224</span>
+  <span>| `RSA_PKCS1_SHA256</span>
+  <span>| `RSA_PKCS1_SHA384</span>
+  <span>| `RSA_PKCS1_SHA512</span>
+  <span>| `RSA_PSS_RSAENC_SHA256</span>
+  <span>| `RSA_PSS_RSAENC_SHA384</span>
+  <span>| `RSA_PSS_RSAENC_SHA512</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-tls13_sigalg"><a href="#val-tls13_sigalg" class="anchor"></a><code><span><span class="keyword">val</span> tls13_sigalg : 
+  <span><span>[&lt; `ECDSA_SECP256R1_SHA1
+  <span>| `ECDSA_SECP256R1_SHA256</span>
+  <span>| `ECDSA_SECP384R1_SHA384</span>
+  <span>| `ECDSA_SECP521R1_SHA512</span>
+  <span>| `ED25519</span>
+  <span>| `RSA_PKCS1_MD5</span>
+  <span>| `RSA_PKCS1_SHA1</span>
+  <span>| `RSA_PKCS1_SHA224</span>
+  <span>| `RSA_PKCS1_SHA256</span>
+  <span>| `RSA_PKCS1_SHA384</span>
+  <span>| `RSA_PKCS1_SHA512</span>
+  <span>| `RSA_PSS_RSAENC_SHA256</span>
+  <span>| `RSA_PSS_RSAENC_SHA384</span>
+  <span>| `RSA_PSS_RSAENC_SHA512</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pk_matches_sa"><a href="#val-pk_matches_sa" class="anchor"></a><code><span><span class="keyword">val</span> pk_matches_sa : 
+  <span><span>[&gt; <span>`ED25519 of <span class="type-var">'a</span></span> <span><span>| `P256</span> of <span class="type-var">'b</span></span> <span><span>| `P384</span> of <span class="type-var">'c</span></span> <span><span>| `P521</span> of <span class="type-var">'d</span></span> <span><span>| `RSA</span> of <span class="type-var">'e</span></span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `ECDSA_SECP256R1_SHA1
+  <span>| `ECDSA_SECP256R1_SHA256</span>
+  <span>| `ECDSA_SECP384R1_SHA384</span>
+  <span>| `ECDSA_SECP521R1_SHA512</span>
+  <span>| `ED25519</span>
+  <span>| `RSA_PKCS1_MD5</span>
+  <span>| `RSA_PKCS1_SHA1</span>
+  <span>| `RSA_PKCS1_SHA224</span>
+  <span>| `RSA_PKCS1_SHA256</span>
+  <span>| `RSA_PKCS1_SHA384</span>
+  <span>| `RSA_PKCS1_SHA512</span>
+  <span>| `RSA_PSS_RSAENC_SHA256</span>
+  <span>| `RSA_PSS_RSAENC_SHA384</span>
+  <span>| `RSA_PSS_RSAENC_SHA512</span> ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ED25519 ]</span> <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-client_extension"><a href="#type-client_extension" class="anchor"></a><code><span><span class="keyword">type</span> client_extension</span><span> = </span><span>[ </span></code><ol><li id="type-client_extension.Hostname" class="def variant constructor anchored"><a href="#type-client_extension.Hostname" class="anchor"></a><code><span>| </span><span>`Hostname <span class="keyword">of</span> <span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span></span></code></li><li id="type-client_extension.MaxFragmentLength" class="def variant constructor anchored"><a href="#type-client_extension.MaxFragmentLength" class="anchor"></a><code><span>| </span><span>`MaxFragmentLength <span class="keyword">of</span> <a href="../Packet/index.html#type-max_fragment_length">Packet.max_fragment_length</a></span></code></li><li id="type-client_extension.SupportedGroups" class="def variant constructor anchored"><a href="#type-client_extension.SupportedGroups" class="anchor"></a><code><span>| </span><span>`SupportedGroups <span class="keyword">of</span> <span><a href="../Packet/index.html#type-named_group">Packet.named_group</a> list</span></span></code></li><li id="type-client_extension.SecureRenegotiation" class="def variant constructor anchored"><a href="#type-client_extension.SecureRenegotiation" class="anchor"></a><code><span>| </span><span>`SecureRenegotiation <span class="keyword">of</span> string</span></code></li><li id="type-client_extension.Padding" class="def variant constructor anchored"><a href="#type-client_extension.Padding" class="anchor"></a><code><span>| </span><span>`Padding <span class="keyword">of</span> int</span></code></li><li id="type-client_extension.SignatureAlgorithms" class="def variant constructor anchored"><a href="#type-client_extension.SignatureAlgorithms" class="anchor"></a><code><span>| </span><span>`SignatureAlgorithms <span class="keyword">of</span> <span><a href="#type-signature_algorithm">signature_algorithm</a> list</span></span></code></li><li id="type-client_extension.ExtendedMasterSecret" class="def variant constructor anchored"><a href="#type-client_extension.ExtendedMasterSecret" class="anchor"></a><code><span>| </span><span>`ExtendedMasterSecret</span></code></li><li id="type-client_extension.ALPN" class="def variant constructor anchored"><a href="#type-client_extension.ALPN" class="anchor"></a><code><span>| </span><span>`ALPN <span class="keyword">of</span> <span>string list</span></span></code></li><li id="type-client_extension.KeyShare" class="def variant constructor anchored"><a href="#type-client_extension.KeyShare" class="anchor"></a><code><span>| </span><span>`KeyShare <span class="keyword">of</span> <span><span>(<a href="../Packet/index.html#type-named_group">Packet.named_group</a> * string)</span> list</span></span></code></li><li id="type-client_extension.EarlyDataIndication" class="def variant constructor anchored"><a href="#type-client_extension.EarlyDataIndication" class="anchor"></a><code><span>| </span><span>`EarlyDataIndication</span></code></li><li id="type-client_extension.PreSharedKeys" class="def variant constructor anchored"><a href="#type-client_extension.PreSharedKeys" class="anchor"></a><code><span>| </span><span>`PreSharedKeys <span class="keyword">of</span> <span><a href="#type-psk_identity">psk_identity</a> list</span></span></code></li><li id="type-client_extension.SupportedVersions" class="def variant constructor anchored"><a href="#type-client_extension.SupportedVersions" class="anchor"></a><code><span>| </span><span>`SupportedVersions <span class="keyword">of</span> <span><a href="#type-tls_any_version">tls_any_version</a> list</span></span></code></li><li id="type-client_extension.PostHandshakeAuthentication" class="def variant constructor anchored"><a href="#type-client_extension.PostHandshakeAuthentication" class="anchor"></a><code><span>| </span><span>`PostHandshakeAuthentication</span></code></li><li id="type-client_extension.Cookie" class="def variant constructor anchored"><a href="#type-client_extension.Cookie" class="anchor"></a><code><span>| </span><span>`Cookie <span class="keyword">of</span> string</span></code></li><li id="type-client_extension.PskKeyExchangeModes" class="def variant constructor anchored"><a href="#type-client_extension.PskKeyExchangeModes" class="anchor"></a><code><span>| </span><span>`PskKeyExchangeModes <span class="keyword">of</span> <span><a href="../Packet/index.html#type-psk_key_exchange_mode">Packet.psk_key_exchange_mode</a> list</span></span></code></li><li id="type-client_extension.ECPointFormats" class="def variant constructor anchored"><a href="#type-client_extension.ECPointFormats" class="anchor"></a><code><span>| </span><span>`ECPointFormats</span></code></li><li id="type-client_extension.UnknownExtension" class="def variant constructor anchored"><a href="#type-client_extension.UnknownExtension" class="anchor"></a><code><span>| </span><span>`UnknownExtension <span class="keyword">of</span> int * string</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-server13_extension"><a href="#type-server13_extension" class="anchor"></a><code><span><span class="keyword">type</span> server13_extension</span><span> = </span><span>[ </span></code><ol><li id="type-server13_extension.KeyShare" class="def variant constructor anchored"><a href="#type-server13_extension.KeyShare" class="anchor"></a><code><span>| </span><span>`KeyShare <span class="keyword">of</span> <a href="#type-group">group</a> * string</span></code></li><li id="type-server13_extension.PreSharedKey" class="def variant constructor anchored"><a href="#type-server13_extension.PreSharedKey" class="anchor"></a><code><span>| </span><span>`PreSharedKey <span class="keyword">of</span> int</span></code></li><li id="type-server13_extension.SelectedVersion" class="def variant constructor anchored"><a href="#type-server13_extension.SelectedVersion" class="anchor"></a><code><span>| </span><span>`SelectedVersion <span class="keyword">of</span> <a href="#type-tls_version">tls_version</a></span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-server_extension"><a href="#type-server_extension" class="anchor"></a><code><span><span class="keyword">type</span> server_extension</span><span> = </span><span>[ </span></code><ol><li id="type-server_extension.server13_extension" class="def variant type anchored"><a href="#type-server_extension.server13_extension" class="anchor"></a><code><span>| </span><span><a href="#type-server13_extension">server13_extension</a></span></code></li><li id="type-server_extension.Hostname" class="def variant constructor anchored"><a href="#type-server_extension.Hostname" class="anchor"></a><code><span>| </span><span>`Hostname</span></code></li><li id="type-server_extension.MaxFragmentLength" class="def variant constructor anchored"><a href="#type-server_extension.MaxFragmentLength" class="anchor"></a><code><span>| </span><span>`MaxFragmentLength <span class="keyword">of</span> <a href="../Packet/index.html#type-max_fragment_length">Packet.max_fragment_length</a></span></code></li><li id="type-server_extension.SecureRenegotiation" class="def variant constructor anchored"><a href="#type-server_extension.SecureRenegotiation" class="anchor"></a><code><span>| </span><span>`SecureRenegotiation <span class="keyword">of</span> string</span></code></li><li id="type-server_extension.ExtendedMasterSecret" class="def variant constructor anchored"><a href="#type-server_extension.ExtendedMasterSecret" class="anchor"></a><code><span>| </span><span>`ExtendedMasterSecret</span></code></li><li id="type-server_extension.ALPN" class="def variant constructor anchored"><a href="#type-server_extension.ALPN" class="anchor"></a><code><span>| </span><span>`ALPN <span class="keyword">of</span> string</span></code></li><li id="type-server_extension.ECPointFormats" class="def variant constructor anchored"><a href="#type-server_extension.ECPointFormats" class="anchor"></a><code><span>| </span><span>`ECPointFormats</span></code></li><li id="type-server_extension.UnknownExtension" class="def variant constructor anchored"><a href="#type-server_extension.UnknownExtension" class="anchor"></a><code><span>| </span><span>`UnknownExtension <span class="keyword">of</span> int * string</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-encrypted_extension"><a href="#type-encrypted_extension" class="anchor"></a><code><span><span class="keyword">type</span> encrypted_extension</span><span> = </span><span>[ </span></code><ol><li id="type-encrypted_extension.Hostname" class="def variant constructor anchored"><a href="#type-encrypted_extension.Hostname" class="anchor"></a><code><span>| </span><span>`Hostname</span></code></li><li id="type-encrypted_extension.MaxFragmentLength" class="def variant constructor anchored"><a href="#type-encrypted_extension.MaxFragmentLength" class="anchor"></a><code><span>| </span><span>`MaxFragmentLength <span class="keyword">of</span> <a href="../Packet/index.html#type-max_fragment_length">Packet.max_fragment_length</a></span></code></li><li id="type-encrypted_extension.SupportedGroups" class="def variant constructor anchored"><a href="#type-encrypted_extension.SupportedGroups" class="anchor"></a><code><span>| </span><span>`SupportedGroups <span class="keyword">of</span> <span><a href="#type-group">group</a> list</span></span></code></li><li id="type-encrypted_extension.ALPN" class="def variant constructor anchored"><a href="#type-encrypted_extension.ALPN" class="anchor"></a><code><span>| </span><span>`ALPN <span class="keyword">of</span> string</span></code></li><li id="type-encrypted_extension.EarlyDataIndication" class="def variant constructor anchored"><a href="#type-encrypted_extension.EarlyDataIndication" class="anchor"></a><code><span>| </span><span>`EarlyDataIndication</span></code></li><li id="type-encrypted_extension.UnknownExtension" class="def variant constructor anchored"><a href="#type-encrypted_extension.UnknownExtension" class="anchor"></a><code><span>| </span><span>`UnknownExtension <span class="keyword">of</span> int * string</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-hello_retry_extension"><a href="#type-hello_retry_extension" class="anchor"></a><code><span><span class="keyword">type</span> hello_retry_extension</span><span> = </span><span>[ </span></code><ol><li id="type-hello_retry_extension.SelectedGroup" class="def variant constructor anchored"><a href="#type-hello_retry_extension.SelectedGroup" class="anchor"></a><code><span>| </span><span>`SelectedGroup <span class="keyword">of</span> <a href="#type-group">group</a></span></code></li><li id="type-hello_retry_extension.Cookie" class="def variant constructor anchored"><a href="#type-hello_retry_extension.Cookie" class="anchor"></a><code><span>| </span><span>`Cookie <span class="keyword">of</span> string</span></code></li><li id="type-hello_retry_extension.SelectedVersion" class="def variant constructor anchored"><a href="#type-hello_retry_extension.SelectedVersion" class="anchor"></a><code><span>| </span><span>`SelectedVersion <span class="keyword">of</span> <a href="#type-tls_version">tls_version</a></span></code></li><li id="type-hello_retry_extension.UnknownExtension" class="def variant constructor anchored"><a href="#type-hello_retry_extension.UnknownExtension" class="anchor"></a><code><span>| </span><span>`UnknownExtension <span class="keyword">of</span> int * string</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-client_hello"><a href="#type-client_hello" class="anchor"></a><code><span><span class="keyword">type</span> client_hello</span><span> = </span><span>{</span></code><ol><li id="type-client_hello.client_version" class="def record field anchored"><a href="#type-client_hello.client_version" class="anchor"></a><code><span>client_version : <a href="#type-tls_any_version">tls_any_version</a>;</span></code></li><li id="type-client_hello.client_random" class="def record field anchored"><a href="#type-client_hello.client_random" class="anchor"></a><code><span>client_random : string;</span></code></li><li id="type-client_hello.sessionid" class="def record field anchored"><a href="#type-client_hello.sessionid" class="anchor"></a><code><span>sessionid : <span><a href="SessionID/index.html#type-t">SessionID.t</a> option</span>;</span></code></li><li id="type-client_hello.ciphersuites" class="def record field anchored"><a href="#type-client_hello.ciphersuites" class="anchor"></a><code><span>ciphersuites : <span><a href="../Packet/index.html#type-any_ciphersuite">Packet.any_ciphersuite</a> list</span>;</span></code></li><li id="type-client_hello.extensions" class="def record field anchored"><a href="#type-client_hello.extensions" class="anchor"></a><code><span>extensions : <span><a href="#type-client_extension">client_extension</a> list</span>;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-server_hello"><a href="#type-server_hello" class="anchor"></a><code><span><span class="keyword">type</span> server_hello</span><span> = </span><span>{</span></code><ol><li id="type-server_hello.server_version" class="def record field anchored"><a href="#type-server_hello.server_version" class="anchor"></a><code><span>server_version : <a href="#type-tls_version">tls_version</a>;</span></code></li><li id="type-server_hello.server_random" class="def record field anchored"><a href="#type-server_hello.server_random" class="anchor"></a><code><span>server_random : string;</span></code></li><li id="type-server_hello.sessionid" class="def record field anchored"><a href="#type-server_hello.sessionid" class="anchor"></a><code><span>sessionid : <span><a href="SessionID/index.html#type-t">SessionID.t</a> option</span>;</span></code></li><li id="type-server_hello.ciphersuite" class="def record field anchored"><a href="#type-server_hello.ciphersuite" class="anchor"></a><code><span>ciphersuite : <a href="../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a>;</span></code></li><li id="type-server_hello.extensions" class="def record field anchored"><a href="#type-server_hello.extensions" class="anchor"></a><code><span>extensions : <span><a href="#type-server_extension">server_extension</a> list</span>;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-dh_parameters"><a href="#type-dh_parameters" class="anchor"></a><code><span><span class="keyword">type</span> dh_parameters</span><span> = </span><span>{</span></code><ol><li id="type-dh_parameters.dh_p" class="def record field anchored"><a href="#type-dh_parameters.dh_p" class="anchor"></a><code><span>dh_p : string;</span></code></li><li id="type-dh_parameters.dh_g" class="def record field anchored"><a href="#type-dh_parameters.dh_g" class="anchor"></a><code><span>dh_g : string;</span></code></li><li id="type-dh_parameters.dh_Ys" class="def record field anchored"><a href="#type-dh_parameters.dh_Ys" class="anchor"></a><code><span>dh_Ys : string;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-hello_retry"><a href="#type-hello_retry" class="anchor"></a><code><span><span class="keyword">type</span> hello_retry</span><span> = </span><span>{</span></code><ol><li id="type-hello_retry.retry_version" class="def record field anchored"><a href="#type-hello_retry.retry_version" class="anchor"></a><code><span>retry_version : <a href="#type-tls_version">tls_version</a>;</span></code></li><li id="type-hello_retry.ciphersuite" class="def record field anchored"><a href="#type-hello_retry.ciphersuite" class="anchor"></a><code><span>ciphersuite : <a href="../Ciphersuite/index.html#type-ciphersuite13">Ciphersuite.ciphersuite13</a>;</span></code></li><li id="type-hello_retry.sessionid" class="def record field anchored"><a href="#type-hello_retry.sessionid" class="anchor"></a><code><span>sessionid : <span><a href="SessionID/index.html#type-t">SessionID.t</a> option</span>;</span></code></li><li id="type-hello_retry.selected_group" class="def record field anchored"><a href="#type-hello_retry.selected_group" class="anchor"></a><code><span>selected_group : <a href="#type-group">group</a>;</span></code></li><li id="type-hello_retry.extensions" class="def record field anchored"><a href="#type-hello_retry.extensions" class="anchor"></a><code><span>extensions : <span><a href="#type-hello_retry_extension">hello_retry_extension</a> list</span>;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-session_ticket_extension"><a href="#type-session_ticket_extension" class="anchor"></a><code><span><span class="keyword">type</span> session_ticket_extension</span><span> = </span><span>[ </span></code><ol><li id="type-session_ticket_extension.EarlyDataIndication" class="def variant constructor anchored"><a href="#type-session_ticket_extension.EarlyDataIndication" class="anchor"></a><code><span>| </span><span>`EarlyDataIndication <span class="keyword">of</span> int32</span></code></li><li id="type-session_ticket_extension.UnknownExtension" class="def variant constructor anchored"><a href="#type-session_ticket_extension.UnknownExtension" class="anchor"></a><code><span>| </span><span>`UnknownExtension <span class="keyword">of</span> int * string</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-session_ticket"><a href="#type-session_ticket" class="anchor"></a><code><span><span class="keyword">type</span> session_ticket</span><span> = </span><span>{</span></code><ol><li id="type-session_ticket.lifetime" class="def record field anchored"><a href="#type-session_ticket.lifetime" class="anchor"></a><code><span>lifetime : int32;</span></code></li><li id="type-session_ticket.age_add" class="def record field anchored"><a href="#type-session_ticket.age_add" class="anchor"></a><code><span>age_add : int32;</span></code></li><li id="type-session_ticket.nonce" class="def record field anchored"><a href="#type-session_ticket.nonce" class="anchor"></a><code><span>nonce : string;</span></code></li><li id="type-session_ticket.ticket" class="def record field anchored"><a href="#type-session_ticket.ticket" class="anchor"></a><code><span>ticket : string;</span></code></li><li id="type-session_ticket.extensions" class="def record field anchored"><a href="#type-session_ticket.extensions" class="anchor"></a><code><span>extensions : <span><a href="#type-session_ticket_extension">session_ticket_extension</a> list</span>;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-certificate_request_extension"><a href="#type-certificate_request_extension" class="anchor"></a><code><span><span class="keyword">type</span> certificate_request_extension</span><span> = </span><span>[ </span></code><ol><li id="type-certificate_request_extension.SignatureAlgorithms" class="def variant constructor anchored"><a href="#type-certificate_request_extension.SignatureAlgorithms" class="anchor"></a><code><span>| </span><span>`SignatureAlgorithms <span class="keyword">of</span> <span><a href="#type-signature_algorithm">signature_algorithm</a> list</span></span></code></li><li id="type-certificate_request_extension.CertificateAuthorities" class="def variant constructor anchored"><a href="#type-certificate_request_extension.CertificateAuthorities" class="anchor"></a><code><span>| </span><span>`CertificateAuthorities <span class="keyword">of</span> <span><span class="xref-unresolved">X509</span>.Distinguished_name.t list</span></span></code></li><li id="type-certificate_request_extension.UnknownExtension" class="def variant constructor anchored"><a href="#type-certificate_request_extension.UnknownExtension" class="anchor"></a><code><span>| </span><span>`UnknownExtension <span class="keyword">of</span> int * string</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-tls_handshake"><a href="#type-tls_handshake" class="anchor"></a><code><span><span class="keyword">type</span> tls_handshake</span><span> = </span></code><ol><li id="type-tls_handshake.HelloRequest" class="def variant constructor anchored"><a href="#type-tls_handshake.HelloRequest" class="anchor"></a><code><span>| </span><span><span class="constructor">HelloRequest</span></span></code></li><li id="type-tls_handshake.HelloRetryRequest" class="def variant constructor anchored"><a href="#type-tls_handshake.HelloRetryRequest" class="anchor"></a><code><span>| </span><span><span class="constructor">HelloRetryRequest</span> <span class="keyword">of</span> <a href="#type-hello_retry">hello_retry</a></span></code></li><li id="type-tls_handshake.EncryptedExtensions" class="def variant constructor anchored"><a href="#type-tls_handshake.EncryptedExtensions" class="anchor"></a><code><span>| </span><span><span class="constructor">EncryptedExtensions</span> <span class="keyword">of</span> <span><a href="#type-encrypted_extension">encrypted_extension</a> list</span></span></code></li><li id="type-tls_handshake.ServerHelloDone" class="def variant constructor anchored"><a href="#type-tls_handshake.ServerHelloDone" class="anchor"></a><code><span>| </span><span><span class="constructor">ServerHelloDone</span></span></code></li><li id="type-tls_handshake.ClientHello" class="def variant constructor anchored"><a href="#type-tls_handshake.ClientHello" class="anchor"></a><code><span>| </span><span><span class="constructor">ClientHello</span> <span class="keyword">of</span> <a href="#type-client_hello">client_hello</a></span></code></li><li id="type-tls_handshake.ServerHello" class="def variant constructor anchored"><a href="#type-tls_handshake.ServerHello" class="anchor"></a><code><span>| </span><span><span class="constructor">ServerHello</span> <span class="keyword">of</span> <a href="#type-server_hello">server_hello</a></span></code></li><li id="type-tls_handshake.Certificate" class="def variant constructor anchored"><a href="#type-tls_handshake.Certificate" class="anchor"></a><code><span>| </span><span><span class="constructor">Certificate</span> <span class="keyword">of</span> string</span></code></li><li id="type-tls_handshake.ServerKeyExchange" class="def variant constructor anchored"><a href="#type-tls_handshake.ServerKeyExchange" class="anchor"></a><code><span>| </span><span><span class="constructor">ServerKeyExchange</span> <span class="keyword">of</span> string</span></code></li><li id="type-tls_handshake.CertificateRequest" class="def variant constructor anchored"><a href="#type-tls_handshake.CertificateRequest" class="anchor"></a><code><span>| </span><span><span class="constructor">CertificateRequest</span> <span class="keyword">of</span> string</span></code></li><li id="type-tls_handshake.ClientKeyExchange" class="def variant constructor anchored"><a href="#type-tls_handshake.ClientKeyExchange" class="anchor"></a><code><span>| </span><span><span class="constructor">ClientKeyExchange</span> <span class="keyword">of</span> string</span></code></li><li id="type-tls_handshake.CertificateVerify" class="def variant constructor anchored"><a href="#type-tls_handshake.CertificateVerify" class="anchor"></a><code><span>| </span><span><span class="constructor">CertificateVerify</span> <span class="keyword">of</span> string</span></code></li><li id="type-tls_handshake.Finished" class="def variant constructor anchored"><a href="#type-tls_handshake.Finished" class="anchor"></a><code><span>| </span><span><span class="constructor">Finished</span> <span class="keyword">of</span> string</span></code></li><li id="type-tls_handshake.SessionTicket" class="def variant constructor anchored"><a href="#type-tls_handshake.SessionTicket" class="anchor"></a><code><span>| </span><span><span class="constructor">SessionTicket</span> <span class="keyword">of</span> <a href="#type-session_ticket">session_ticket</a></span></code></li><li id="type-tls_handshake.KeyUpdate" class="def variant constructor anchored"><a href="#type-tls_handshake.KeyUpdate" class="anchor"></a><code><span>| </span><span><span class="constructor">KeyUpdate</span> <span class="keyword">of</span> <a href="../Packet/index.html#type-key_update_request_type">Packet.key_update_request_type</a></span></code></li><li id="type-tls_handshake.EndOfEarlyData" class="def variant constructor anchored"><a href="#type-tls_handshake.EndOfEarlyData" class="anchor"></a><code><span>| </span><span><span class="constructor">EndOfEarlyData</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_handshake"><a href="#val-pp_handshake" class="anchor"></a><code><span><span class="keyword">val</span> pp_handshake : <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-tls_handshake">tls_handshake</a> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-src"><a href="#val-src" class="anchor"></a><code><span><span class="keyword">val</span> src : <span class="xref-unresolved">Logs</span>.src</span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Tracing"><a href="#module-Tracing" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Tracing/index.html">Tracing</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-tls_alert"><a href="#type-tls_alert" class="anchor"></a><code><span><span class="keyword">type</span> tls_alert</span><span> = <a href="../Packet/index.html#type-alert_level">Packet.alert_level</a> * <a href="../Packet/index.html#type-alert_type">Packet.alert_type</a></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-master_secret"><a href="#type-master_secret" class="anchor"></a><code><span><span class="keyword">type</span> master_secret</span><span> = string</span></code></div><div class="spec-doc"><p>the master secret of a TLS connection</p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-psk13"><a href="#type-psk13" class="anchor"></a><code><span><span class="keyword">type</span> psk13</span><span> = </span><span>{</span></code><ol><li id="type-psk13.identifier" class="def record field anchored"><a href="#type-psk13.identifier" class="anchor"></a><code><span>identifier : string;</span></code></li><li id="type-psk13.obfuscation" class="def record field anchored"><a href="#type-psk13.obfuscation" class="anchor"></a><code><span>obfuscation : int32;</span></code></li><li id="type-psk13.secret" class="def record field anchored"><a href="#type-psk13.secret" class="anchor"></a><code><span>secret : string;</span></code></li><li id="type-psk13.lifetime" class="def record field anchored"><a href="#type-psk13.lifetime" class="anchor"></a><code><span>lifetime : int32;</span></code></li><li id="type-psk13.early_data" class="def record field anchored"><a href="#type-psk13.early_data" class="anchor"></a><code><span>early_data : int32;</span></code></li><li id="type-psk13.issued_at" class="def record field anchored"><a href="#type-psk13.issued_at" class="anchor"></a><code><span>issued_at : <span class="xref-unresolved">Ptime</span>.t;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-epoch_state"><a href="#type-epoch_state" class="anchor"></a><code><span><span class="keyword">type</span> epoch_state</span><span> = </span><span>[ </span></code><ol><li id="type-epoch_state.ZeroRTT" class="def variant constructor anchored"><a href="#type-epoch_state.ZeroRTT" class="anchor"></a><code><span>| </span><span>`ZeroRTT</span></code></li><li id="type-epoch_state.Established" class="def variant constructor anchored"><a href="#type-epoch_state.Established" class="anchor"></a><code><span>| </span><span>`Established</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-epoch_data"><a href="#type-epoch_data" class="anchor"></a><code><span><span class="keyword">type</span> epoch_data</span><span> = </span><span>{</span></code><ol><li id="type-epoch_data.side" class="def record field anchored"><a href="#type-epoch_data.side" class="anchor"></a><code><span>side : <span>[ `Client <span>| `Server</span> ]</span>;</span></code></li><li id="type-epoch_data.state" class="def record field anchored"><a href="#type-epoch_data.state" class="anchor"></a><code><span>state : <a href="#type-epoch_state">epoch_state</a>;</span></code></li><li id="type-epoch_data.protocol_version" class="def record field anchored"><a href="#type-epoch_data.protocol_version" class="anchor"></a><code><span>protocol_version : <a href="#type-tls_version">tls_version</a>;</span></code></li><li id="type-epoch_data.ciphersuite" class="def record field anchored"><a href="#type-epoch_data.ciphersuite" class="anchor"></a><code><span>ciphersuite : <a href="../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a>;</span></code></li><li id="type-epoch_data.peer_random" class="def record field anchored"><a href="#type-epoch_data.peer_random" class="anchor"></a><code><span>peer_random : string;</span></code></li><li id="type-epoch_data.peer_certificate_chain" class="def record field anchored"><a href="#type-epoch_data.peer_certificate_chain" class="anchor"></a><code><span>peer_certificate_chain : <span><span class="xref-unresolved">X509</span>.Certificate.t list</span>;</span></code></li><li id="type-epoch_data.peer_certificate" class="def record field anchored"><a href="#type-epoch_data.peer_certificate" class="anchor"></a><code><span>peer_certificate : <span><span class="xref-unresolved">X509</span>.Certificate.t option</span>;</span></code></li><li id="type-epoch_data.peer_name" class="def record field anchored"><a href="#type-epoch_data.peer_name" class="anchor"></a><code><span>peer_name : <span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> option</span>;</span></code></li><li id="type-epoch_data.trust_anchor" class="def record field anchored"><a href="#type-epoch_data.trust_anchor" class="anchor"></a><code><span>trust_anchor : <span><span class="xref-unresolved">X509</span>.Certificate.t option</span>;</span></code></li><li id="type-epoch_data.received_certificates" class="def record field anchored"><a href="#type-epoch_data.received_certificates" class="anchor"></a><code><span>received_certificates : <span><span class="xref-unresolved">X509</span>.Certificate.t list</span>;</span></code></li><li id="type-epoch_data.own_random" class="def record field anchored"><a href="#type-epoch_data.own_random" class="anchor"></a><code><span>own_random : string;</span></code></li><li id="type-epoch_data.own_certificate" class="def record field anchored"><a href="#type-epoch_data.own_certificate" class="anchor"></a><code><span>own_certificate : <span><span class="xref-unresolved">X509</span>.Certificate.t list</span>;</span></code></li><li id="type-epoch_data.own_private_key" class="def record field anchored"><a href="#type-epoch_data.own_private_key" class="anchor"></a><code><span>own_private_key : <span><span class="xref-unresolved">X509</span>.Private_key.t option</span>;</span></code></li><li id="type-epoch_data.own_name" class="def record field anchored"><a href="#type-epoch_data.own_name" class="anchor"></a><code><span>own_name : <span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> option</span>;</span></code></li><li id="type-epoch_data.master_secret" class="def record field anchored"><a href="#type-epoch_data.master_secret" class="anchor"></a><code><span>master_secret : <a href="#type-master_secret">master_secret</a>;</span></code></li><li id="type-epoch_data.exporter_master_secret" class="def record field anchored"><a href="#type-epoch_data.exporter_master_secret" class="anchor"></a><code><span>exporter_master_secret : <a href="#type-master_secret">master_secret</a>;</span></code></li><li id="type-epoch_data.session_id" class="def record field anchored"><a href="#type-epoch_data.session_id" class="anchor"></a><code><span>session_id : <a href="SessionID/index.html#type-t">SessionID.t</a>;</span></code></li><li id="type-epoch_data.extended_ms" class="def record field anchored"><a href="#type-epoch_data.extended_ms" class="anchor"></a><code><span>extended_ms : bool;</span></code></li><li id="type-epoch_data.alpn_protocol" class="def record field anchored"><a href="#type-epoch_data.alpn_protocol" class="anchor"></a><code><span>alpn_protocol : <span>string option</span>;</span></code></li><li id="type-epoch_data.tls_unique" class="def record field anchored"><a href="#type-epoch_data.tls_unique" class="anchor"></a><code><span>tls_unique : <span>string option</span>;</span></code></li></ol><code><span>}</span></code></div><div class="spec-doc"><p>information about an open session</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-supports_key_usage"><a href="#val-supports_key_usage" class="anchor"></a><code><span><span class="keyword">val</span> supports_key_usage : 
+  <span><span class="optlabel">?not_present</span>:bool <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Extension.key_usage <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Certificate.t <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-supports_extended_key_usage"><a href="#val-supports_extended_key_usage" class="anchor"></a><code><span><span class="keyword">val</span> supports_extended_key_usage : 
+  <span><span class="optlabel">?not_present</span>:bool <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Extension.extended_key_usage <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Certificate.t <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Crypto/Ciphers/index.html b/doc/tls/Tls/Crypto/Ciphers/index.html
new file mode 100644
index 00000000..8308ee73
--- /dev/null
+++ b/doc/tls/Tls/Crypto/Ciphers/index.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Ciphers (tls.Tls.Crypto.Ciphers)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls</a> &#x00BB; <a href="../../index.html">Tls</a> &#x00BB; <a href="../index.html">Crypto</a> &#x00BB; Ciphers</nav><header class="odoc-preamble"><h1>Module <code><span>Crypto.Ciphers</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-keyed"><a href="#type-keyed" class="anchor"></a><code><span><span class="keyword">type</span> keyed</span><span> = </span></code><ol><li id="type-keyed.K_CBC" class="def variant constructor anchored"><a href="#type-keyed.K_CBC" class="anchor"></a><code><span>| </span><span><span class="constructor">K_CBC</span> : <span><span class="type-var">'k</span> <a href="../../State/index.html#type-cbc_cipher">State.cbc_cipher</a></span> * <span>(<span>string <span class="arrow">&#45;&gt;</span></span> <span class="type-var">'k</span>)</span> <span class="arrow">&#45;&gt;</span> <a href="#type-keyed">keyed</a></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-get_block"><a href="#val-get_block" class="anchor"></a><code><span><span class="keyword">val</span> get_block : <span><a href="../../Ciphersuite/index.html#type-block_cipher">Ciphersuite.block_cipher</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-keyed">keyed</a></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-aead_keyed"><a href="#type-aead_keyed" class="anchor"></a><code><span><span class="keyword">type</span> aead_keyed</span><span> = </span></code><ol><li id="type-aead_keyed.K_AEAD" class="def variant constructor anchored"><a href="#type-aead_keyed.K_AEAD" class="anchor"></a><code><span>| </span><span><span class="constructor">K_AEAD</span> : <span><span class="type-var">'k</span> <a href="../../State/index.html#type-aead_cipher">State.aead_cipher</a></span> * <span>(<span>string <span class="arrow">&#45;&gt;</span></span> <span class="type-var">'k</span>)</span> * bool <span class="arrow">&#45;&gt;</span> <a href="#type-aead_keyed">aead_keyed</a></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-get_aead"><a href="#val-get_aead" class="anchor"></a><code><span><span class="keyword">val</span> get_aead : <span><a href="../../Ciphersuite/index.html#type-aead_cipher">Ciphersuite.aead_cipher</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-aead_keyed">aead_keyed</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-get_aead_cipher"><a href="#val-get_aead_cipher" class="anchor"></a><code><span><span class="keyword">val</span> get_aead_cipher : 
+  <span><span class="label">secret</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">nonce</span>:<a href="../../State/index.html#type-nonce">State.nonce</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../../Ciphersuite/index.html#type-aead_cipher">Ciphersuite.aead_cipher</a> <span class="arrow">&#45;&gt;</span></span>
+  <a href="../../State/index.html#type-cipher_st">State.cipher_st</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-get_cipher"><a href="#val-get_cipher" class="anchor"></a><code><span><span class="keyword">val</span> get_cipher : 
+  <span><span class="label">secret</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">hmac_secret</span>:<a href="../../State/index.html#type-hmac_key">State.hmac_key</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">iv_mode</span>:<a href="../../State/index.html#type-iv_mode">State.iv_mode</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">nonce</span>:<a href="../../State/index.html#type-nonce">State.nonce</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; <span>`AEAD of <a href="../../Ciphersuite/index.html#type-aead_cipher">Ciphersuite.aead_cipher</a></span>
+  <span><span>| `Block</span> of <a href="../../Ciphersuite/index.html#type-block_cipher">Ciphersuite.block_cipher</a> * <span class="xref-unresolved">Digestif</span>.hash'</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="../../State/index.html#type-cipher_st">State.cipher_st</a></span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Crypto/index.html b/doc/tls/Tls/Crypto/index.html
new file mode 100644
index 00000000..57fde825
--- /dev/null
+++ b/doc/tls/Tls/Crypto/index.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Crypto (tls.Tls.Crypto)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Crypto</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Crypto</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-dh_params_pack"><a href="#val-dh_params_pack" class="anchor"></a><code><span><span class="keyword">val</span> dh_params_pack : <span><span class="xref-unresolved">Mirage_crypto_pk</span>.Dh.group <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <a href="../Core/index.html#type-dh_parameters">Core.dh_parameters</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-dh_params_unpack"><a href="#val-dh_params_unpack" class="anchor"></a><code><span><span class="keyword">val</span> dh_params_unpack : 
+  <span><a href="../Core/index.html#type-dh_parameters">Core.dh_parameters</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span class="xref-unresolved">Mirage_crypto_pk</span>.Dh.group * string, <span>[&gt; <span>`Msg of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Ciphers"><a href="#module-Ciphers" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Ciphers/index.html">Ciphers</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-sequence_buf"><a href="#val-sequence_buf" class="anchor"></a><code><span><span class="keyword">val</span> sequence_buf : <span>int64 <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-aead_nonce"><a href="#val-aead_nonce" class="anchor"></a><code><span><span class="keyword">val</span> aead_nonce : <span>string <span class="arrow">&#45;&gt;</span></span> <span>int64 <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-adata_1_3"><a href="#val-adata_1_3" class="anchor"></a><code><span><span class="keyword">val</span> adata_1_3 : <span>int <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pseudo_header"><a href="#val-pseudo_header" class="anchor"></a><code><span><span class="keyword">val</span> pseudo_header : 
+  <span>int64 <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Packet/index.html#type-content_type">Packet.content_type</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(int * int)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>int <span class="arrow">&#45;&gt;</span></span>
+  string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-mac"><a href="#val-mac" class="anchor"></a><code><span><span class="keyword">val</span> mac : <span><span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-cbc_block"><a href="#val-cbc_block" class="anchor"></a><code><span><span class="keyword">val</span> cbc_block : <span><span>(<span class="keyword">module</span> <span class="xref-unresolved">Mirage_crypto</span>.Block.CBC <span class="keyword">with</span> <span class="keyword">type</span> <span class="xref-unresolved">key</span> = <span class="type-var">'a</span>)</span> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-cbc_pad"><a href="#val-cbc_pad" class="anchor"></a><code><span><span class="keyword">val</span> cbc_pad : <span>int <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-cbc_unpad"><a href="#val-cbc_unpad" class="anchor"></a><code><span><span class="keyword">val</span> cbc_unpad : <span>string <span class="arrow">&#45;&gt;</span></span> <span>string option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-tag_len"><a href="#val-tag_len" class="anchor"></a><code><span><span class="keyword">val</span> tag_len : <span><span>(<span class="keyword">module</span> <span class="xref-unresolved">Mirage_crypto</span>.AEAD <span class="keyword">with</span> <span class="keyword">type</span> <span class="xref-unresolved">key</span> = <span class="type-var">'a</span>)</span> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encrypt_aead"><a href="#val-encrypt_aead" class="anchor"></a><code><span><span class="keyword">val</span> encrypt_aead : 
+  <span><span class="label">cipher</span>:<span>(<span class="keyword">module</span> <span class="xref-unresolved">Mirage_crypto</span>.AEAD <span class="keyword">with</span> <span class="keyword">type</span> <span class="xref-unresolved">key</span> = <span class="type-var">'a</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">key</span>:<span class="type-var">'a0</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">nonce</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?adata</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decrypt_aead"><a href="#val-decrypt_aead" class="anchor"></a><code><span><span class="keyword">val</span> decrypt_aead : 
+  <span><span class="label">cipher</span>:<span>(<span class="keyword">module</span> <span class="xref-unresolved">Mirage_crypto</span>.AEAD <span class="keyword">with</span> <span class="keyword">type</span> <span class="xref-unresolved">key</span> = <span class="type-var">'a</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">key</span>:<span class="type-var">'a0</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">nonce</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?adata</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-encrypt_cbc"><a href="#val-encrypt_cbc" class="anchor"></a><code><span><span class="keyword">val</span> encrypt_cbc : 
+  <span><span class="label">cipher</span>:<span>(<span class="keyword">module</span> <span class="xref-unresolved">Mirage_crypto</span>.Block.CBC <span class="keyword">with</span> <span class="keyword">type</span> <span class="xref-unresolved">key</span> = <span class="type-var">'a</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">key</span>:<span class="type-var">'a0</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">iv</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  string * string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-decrypt_cbc"><a href="#val-decrypt_cbc" class="anchor"></a><code><span><span class="keyword">val</span> decrypt_cbc : 
+  <span><span class="label">cipher</span>:<span>(<span class="keyword">module</span> <span class="xref-unresolved">Mirage_crypto</span>.Block.CBC <span class="keyword">with</span> <span class="keyword">type</span> <span class="xref-unresolved">key</span> = <span class="type-var">'a</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">key</span>:<span class="type-var">'a0</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="label">iv</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(string * string)</span> option</span></span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Engine/index.html b/doc/tls/Tls/Engine/index.html
new file mode 100644
index 00000000..1715ada2
--- /dev/null
+++ b/doc/tls/Tls/Engine/index.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Engine (tls.Tls.Engine)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Engine</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Engine</span></code></h1><p>Transport layer security</p><p><code>TLS</code> is an implementation of <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security">transport layer security</a> in OCaml. TLS is a widely used security protocol which establishes an end-to-end secure channel (with optional (mutual) authentication) between two endpoints. It uses TCP/IP as transport. This library supports all four versions of TLS: <a href="https://tools.ietf.org/html/rfc8446">1.3, RFC8446</a>, <a href="https://tools.ietf.org/html/rfc5246">1.2, RFC5246</a>, <a href="https://tools.ietf.org/html/rfc4346">1.1, RFC4346</a>, and <a href="https://tools.ietf.org/html/rfc2246">1.0, RFC2246</a>. SSL, the previous protocol definition, is not supported.</p><p>TLS is algorithmically agile: protocol version, key exchange algorithm, symmetric cipher, and message authentication code are negotiated upon connection.</p><p>This library implements several extensions of TLS, <a href="https://tools.ietf.org/html/rfc3268">AES ciphers</a>, <a href="https://tools.ietf.org/html/rfc4366">TLS extensions</a> (such as server name indication, SNI), <a href="https://tools.ietf.org/html/rfc5746">Renegotiation extension</a>, <a href="https://tools.ietf.org/html/rfc7627">Session Hash and Extended Master Secret Extension</a>.</p><p>This library does not contain insecure cipher suites (such as single DES, export ciphers, ...). It does not expose the server time in the server random, requires secure renegotiation.</p><p>This library consists of a core, implemented in a purely functional matter (<a href="#"><code>Engine</code></a>, this module), and effectful parts: <code>Tls_lwt</code> and <code>Tls_mirage</code>.</p><p><em>v1.0.4</em></p></header><nav class="odoc-toc"><ul><li><a href="#abstract-state-type">Abstract state type</a></li><li><a href="#constructors">Constructors</a></li><li><a href="#protocol-failures">Protocol failures</a></li><li><a href="#protocol-handling">Protocol handling</a></li><li><a href="#session-information">Session information</a></li></ul></nav><div class="odoc-content"><h2 id="abstract-state-type"><a href="#abstract-state-type" class="anchor"></a>Abstract state type</h2><div class="odoc-spec"><div class="spec type anchored" id="type-state"><a href="#type-state" class="anchor"></a><code><span><span class="keyword">type</span> state</span></code></div><div class="spec-doc"><p>The abstract type of a TLS state.</p></div></div><h2 id="constructors"><a href="#constructors" class="anchor"></a>Constructors</h2><div class="odoc-spec"><div class="spec value anchored" id="val-client"><a href="#val-client" class="anchor"></a><code><span><span class="keyword">val</span> client : <span><a href="../Config/index.html#type-client">Config.client</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-state">state</a> * string</span></code></div><div class="spec-doc"><p><code>client client</code> is <code>tls * out</code> where <code>tls</code> is the initial state, and <code>out</code> the initial client hello</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-server"><a href="#val-server" class="anchor"></a><code><span><span class="keyword">val</span> server : <span><a href="../Config/index.html#type-server">Config.server</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-state">state</a></span></code></div><div class="spec-doc"><p><code>server server</code> is <code>tls</code> where <code>tls</code> is the initial server state</p></div></div><h2 id="protocol-failures"><a href="#protocol-failures" class="anchor"></a>Protocol failures</h2><div class="odoc-spec"><div class="spec type anchored" id="type-error"><a href="#type-error" class="anchor"></a><code><span><span class="keyword">type</span> error</span><span> = </span><span>[ </span></code><ol><li id="type-error.AuthenticationFailure" class="def variant constructor anchored"><a href="#type-error.AuthenticationFailure" class="anchor"></a><code><span>| </span><span>`AuthenticationFailure <span class="keyword">of</span> <span class="xref-unresolved">X509</span>.Validation.validation_error</span></code></li><li id="type-error.NoConfiguredCiphersuite" class="def variant constructor anchored"><a href="#type-error.NoConfiguredCiphersuite" class="anchor"></a><code><span>| </span><span>`NoConfiguredCiphersuite <span class="keyword">of</span> <span><a href="../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> list</span></span></code></li><li id="type-error.NoConfiguredVersions" class="def variant constructor anchored"><a href="#type-error.NoConfiguredVersions" class="anchor"></a><code><span>| </span><span>`NoConfiguredVersions <span class="keyword">of</span> <span><a href="../Core/index.html#type-tls_version">Core.tls_version</a> list</span></span></code></li><li id="type-error.NoConfiguredSignatureAlgorithm" class="def variant constructor anchored"><a href="#type-error.NoConfiguredSignatureAlgorithm" class="anchor"></a><code><span>| </span><span>`NoConfiguredSignatureAlgorithm <span class="keyword">of</span> <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span></code></li><li id="type-error.NoMatchingCertificateFound" class="def variant constructor anchored"><a href="#type-error.NoMatchingCertificateFound" class="anchor"></a><code><span>| </span><span>`NoMatchingCertificateFound <span class="keyword">of</span> string</span></code></li><li id="type-error.CouldntSelectCertificate" class="def variant constructor anchored"><a href="#type-error.CouldntSelectCertificate" class="anchor"></a><code><span>| </span><span>`CouldntSelectCertificate</span></code></li></ol><code><span> ]</span></code></div><div class="spec-doc"><p>failures which can be mitigated by reconfiguration</p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-fatal"><a href="#type-fatal" class="anchor"></a><code><span><span class="keyword">type</span> fatal</span><span> = </span><span>[ </span></code><ol><li id="type-fatal.Protocol_version" class="def variant constructor anchored"><a href="#type-fatal.Protocol_version" class="anchor"></a><code><span>| </span><span>`Protocol_version <span class="keyword">of</span>
+  <span>[ <span>`None_supported of <span><a href="../Core/index.html#type-tls_any_version">Core.tls_any_version</a> list</span></span>
+  <span><span>| `Unknown_record</span> of int * int</span>
+  <span><span>| `Bad_record</span> of <a href="../Core/index.html#type-tls_any_version">Core.tls_any_version</a></span> ]</span></span></code></li><li id="type-fatal.Unexpected" class="def variant constructor anchored"><a href="#type-fatal.Unexpected" class="anchor"></a><code><span>| </span><span>`Unexpected <span class="keyword">of</span>
+  <span>[ <span>`Content_type of int</span>
+  <span><span>| `Message</span> of string</span>
+  <span><span>| `Handshake</span> of <a href="../Core/index.html#type-tls_handshake">Core.tls_handshake</a></span> ]</span></span></code></li><li id="type-fatal.Decode" class="def variant constructor anchored"><a href="#type-fatal.Decode" class="anchor"></a><code><span>| </span><span>`Decode <span class="keyword">of</span> string</span></code></li><li id="type-fatal.Handshake" class="def variant constructor anchored"><a href="#type-fatal.Handshake" class="anchor"></a><code><span>| </span><span>`Handshake <span class="keyword">of</span>
+  <span>[ <span>`Message of string</span>
+  <span>| `Fragments</span>
+  <span><span>| `BadDH</span> of string</span>
+  <span><span>| `BadECDH</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.error</span> ]</span></span></code></li><li id="type-fatal.Bad_certificate" class="def variant constructor anchored"><a href="#type-fatal.Bad_certificate" class="anchor"></a><code><span>| </span><span>`Bad_certificate <span class="keyword">of</span> string</span></code></li><li id="type-fatal.Missing_extension" class="def variant constructor anchored"><a href="#type-fatal.Missing_extension" class="anchor"></a><code><span>| </span><span>`Missing_extension <span class="keyword">of</span> string</span></code></li><li id="type-fatal.Bad_mac" class="def variant constructor anchored"><a href="#type-fatal.Bad_mac" class="anchor"></a><code><span>| </span><span>`Bad_mac</span></code></li><li id="type-fatal.Record_overflow" class="def variant constructor anchored"><a href="#type-fatal.Record_overflow" class="anchor"></a><code><span>| </span><span>`Record_overflow <span class="keyword">of</span> int</span></code></li><li id="type-fatal.Unsupported_extension" class="def variant constructor anchored"><a href="#type-fatal.Unsupported_extension" class="anchor"></a><code><span>| </span><span>`Unsupported_extension</span></code></li><li id="type-fatal.Inappropriate_fallback" class="def variant constructor anchored"><a href="#type-fatal.Inappropriate_fallback" class="anchor"></a><code><span>| </span><span>`Inappropriate_fallback</span></code></li><li id="type-fatal.No_application_protocol" class="def variant constructor anchored"><a href="#type-fatal.No_application_protocol" class="anchor"></a><code><span>| </span><span>`No_application_protocol</span></code></li></ol><code><span> ]</span></code></div><div class="spec-doc"><p>failures from received garbage or lack of features</p></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-failure"><a href="#type-failure" class="anchor"></a><code><span><span class="keyword">type</span> failure</span><span> = </span><span>[ </span></code><ol><li id="type-failure.Error" class="def variant constructor anchored"><a href="#type-failure.Error" class="anchor"></a><code><span>| </span><span>`Error <span class="keyword">of</span> <a href="#type-error">error</a></span></code></li><li id="type-failure.Fatal" class="def variant constructor anchored"><a href="#type-failure.Fatal" class="anchor"></a><code><span>| </span><span>`Fatal <span class="keyword">of</span> <a href="#type-fatal">fatal</a></span></code></li><li id="type-failure.Alert" class="def variant constructor anchored"><a href="#type-failure.Alert" class="anchor"></a><code><span>| </span><span>`Alert <span class="keyword">of</span> <a href="../Packet/index.html#type-alert_type">Packet.alert_type</a></span></code></li></ol><code><span> ]</span></code></div><div class="spec-doc"><p>type of failures</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-alert_of_failure"><a href="#val-alert_of_failure" class="anchor"></a><code><span><span class="keyword">val</span> alert_of_failure : <span><a href="#type-failure">failure</a> <span class="arrow">&#45;&gt;</span></span> <a href="../Packet/index.html#type-alert_level">Packet.alert_level</a> * <a href="../Packet/index.html#type-alert_type">Packet.alert_type</a></span></code></div><div class="spec-doc"><p><code>alert_of_failure failure</code> is <code>alert</code>, the TLS alert type for this failure.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-string_of_failure"><a href="#val-string_of_failure" class="anchor"></a><code><span><span class="keyword">val</span> string_of_failure : <span><a href="#type-failure">failure</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div><div class="spec-doc"><p><code>string_of_failure failure</code> is <code>string</code>, the string representation of the <code>failure</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_failure"><a href="#val-pp_failure" class="anchor"></a><code><span><span class="keyword">val</span> pp_failure : <span><a href="#type-failure">failure</a> <span class="xref-unresolved">Fmt</span>.t</span></span></code></div><div class="spec-doc"><p><code>pp_failure failure</code> pretty-prints failure.</p></div></div><h2 id="protocol-handling"><a href="#protocol-handling" class="anchor"></a>Protocol handling</h2><div class="odoc-spec"><div class="spec type anchored" id="type-ret"><a href="#type-ret" class="anchor"></a><code><span><span class="keyword">type</span> ret</span><span> =
+  <span><span>(<a href="#type-state">state</a>
+   * <span><span>[ `Eof ]</span> option</span>
+   * <span>[ <span>`Response of <span>string option</span></span> ]</span>
+   * <span>[ <span>`Data of <span>string option</span></span> ]</span>,
+    <a href="#type-failure">failure</a> * <span>[ <span>`Response of string</span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div><div class="spec-doc"><p>result type of <a href="#val-handle_tls"><code>handle_tls</code></a>: either failed to handle the incoming buffer (<code>`Fail</code>) with <a href="#type-failure"><code>failure</code></a> and potentially a message to send to the other endpoint, or sucessful operation (<code>`Ok</code>) with a new <a href="#type-state"><code>state</code></a>, an end of file (<code>`Eof</code>), or an incoming (<code>`Alert</code>). Possibly some <code>`Response</code> to the other endpoint is needed, and potentially some <code>`Data</code> for the application was received.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-handle_tls"><a href="#val-handle_tls" class="anchor"></a><code><span><span class="keyword">val</span> handle_tls : <span><a href="#type-state">state</a> <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <a href="#type-ret">ret</a></span></code></div><div class="spec-doc"><p><code>handle_tls state buffer</code> is <code>ret</code>, depending on incoming <code>state</code> and <code>buffer</code>, the result is the appropriate <a href="#type-ret"><code>ret</code></a></p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-handshake_in_progress"><a href="#val-handshake_in_progress" class="anchor"></a><code><span><span class="keyword">val</span> handshake_in_progress : <span><a href="#type-state">state</a> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div><div class="spec-doc"><p><code>handshake_in_progrss state</code> is a predicate which indicates whether there is a handshake in progress or scheduled.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-send_application_data"><a href="#val-send_application_data" class="anchor"></a><code><span><span class="keyword">val</span> send_application_data : <span><a href="#type-state">state</a> <span class="arrow">&#45;&gt;</span></span> <span><span>string list</span> <span class="arrow">&#45;&gt;</span></span> <span><span>(<a href="#type-state">state</a> * string)</span> option</span></span></code></div><div class="spec-doc"><p><code>send_application_data tls outs</code> is <code>Some (tls', out)</code> where <code>tls'</code> is the new tls state, and <code>out</code> the cstruct to send over the wire (encrypted <code>outs</code>) when the TLS session is ready. When the TLS session is not ready it is <code>None</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-send_close_notify"><a href="#val-send_close_notify" class="anchor"></a><code><span><span class="keyword">val</span> send_close_notify : <span><a href="#type-state">state</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-state">state</a> * string</span></code></div><div class="spec-doc"><p><code>send_close_notify tls</code> is <code>tls' * out</code> where <code>tls'</code> is the new tls state, and out the (possible encrypted) close notify alert.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-reneg"><a href="#val-reneg" class="anchor"></a><code><span><span class="keyword">val</span> reneg : 
+  <span><span class="optlabel">?authenticator</span>:<span class="xref-unresolved">X509</span>.Authenticator.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?acceptable_cas</span>:<span><span class="xref-unresolved">X509</span>.Distinguished_name.t list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?cert</span>:<a href="../Config/index.html#type-own_cert">Config.own_cert</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-state">state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="#type-state">state</a> * string)</span> option</span></span></code></div><div class="spec-doc"><p><code>reneg ~authenticator ~acceptable_cas ~cert tls</code> initiates a renegotation on <code>tls</code>, using the provided <code>authenticator</code>. It is <code>tls' * out</code> where <code>tls'</code> is the new tls state, and <code>out</code> either a client hello or hello request (depending on which communication endpoint <code>tls</code> is).</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-key_update"><a href="#val-key_update" class="anchor"></a><code><span><span class="keyword">val</span> key_update : 
+  <span><span class="optlabel">?request</span>:bool <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="#type-state">state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="#type-state">state</a> * string, <a href="#type-failure">failure</a>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div><div class="spec-doc"><p><code>key_update ~request state</code> initiates a KeyUpdate (TLS 1.3 only). If <code>request</code> is provided and <code>true</code> (the default), the KeyUpdate message contains a request that the peer should update their traffic key as well.</p></div></div><h2 id="session-information"><a href="#session-information" class="anchor"></a>Session information</h2><div class="odoc-spec"><div class="spec value anchored" id="val-epoch"><a href="#val-epoch" class="anchor"></a><code><span><span class="keyword">val</span> epoch : <span><a href="#type-state">state</a> <span class="arrow">&#45;&gt;</span></span> <span><span>(<a href="../Core/index.html#type-epoch_data">Core.epoch_data</a>, unit)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div><div class="spec-doc"><p><code>epoch state</code> is <code>epoch</code>, which contains the session information. If there's no established session yet, an error is returned.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-export_key_material"><a href="#val-export_key_material" class="anchor"></a><code><span><span class="keyword">val</span> export_key_material : 
+  <span><a href="../Core/index.html#type-epoch_data">Core.epoch_data</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?context</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>int <span class="arrow">&#45;&gt;</span></span>
+  string</span></code></div><div class="spec-doc"><p><code>export_key_material epoch_data ?context label length</code> is the RFC 5705 exported key material of <code>length</code> bytes using <code>label</code> and, if provided, <code>context</code>.</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-channel_binding"><a href="#val-channel_binding" class="anchor"></a><code><span><span class="keyword">val</span> channel_binding : 
+  <span><a href="../Core/index.html#type-epoch_data">Core.epoch_data</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[ `Tls_exporter <span>| `Tls_unique</span> <span>| `Tls_server_endpoint</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(string, <span>[ <span>`Msg of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div><div class="spec-doc"><p><code>channel_binding epoch_data mode</code> is the RFC 5929 and RFC 9266 specified channel binding. Please note that <code>`Tls_unique</code> will error for TLS 1.3 sessions, and <code>`Tls_exporter</code> is not recommended for TLS &lt; 1.3 sessions (unless the uniqueness is ensured via another path).</p></div></div></div></body></html>
diff --git a/doc/tls/Tls/Explorator/index.html b/doc/tls/Tls/Explorator/index.html
new file mode 100644
index 00000000..15bab10b
--- /dev/null
+++ b/doc/tls/Tls/Explorator/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Explorator (tls.Tls.Explorator)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Explorator</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Explorator</span></code></h1></header><div class="odoc-content"></div></body></html>
diff --git a/doc/tls/Tls/Handshake_client/index.html b/doc/tls/Tls/Handshake_client/index.html
new file mode 100644
index 00000000..4010433b
--- /dev/null
+++ b/doc/tls/Tls/Handshake_client/index.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Handshake_client (tls.Tls.Handshake_client)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Handshake_client</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Handshake_client</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-default_client_hello"><a href="#val-default_client_hello" class="anchor"></a><code><span><span class="keyword">val</span> default_client_hello : 
+  <span><a href="../Config/index.html#type-config">Config.config</a> <span class="arrow">&#45;&gt;</span></span>
+  <a href="../Core/index.html#type-client_hello">Core.client_hello</a> * <a href="../Core/index.html#type-tls_version">Core.tls_version</a> * <span><span>(<a href="../Core/index.html#type-group">Core.group</a> * <a href="../State/index.html#type-dh_secret">State.dh_secret</a>)</span> list</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-handle_change_cipher_spec"><a href="#val-handle_change_cipher_spec" class="anchor"></a><code><span><span class="keyword">val</span> handle_change_cipher_spec : 
+  <span><a href="../State/index.html#type-client_handshake_state">State.client_handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_return">State.handshake_return</a>, <a href="../State/index.html#type-failure">State.failure</a>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-handle_handshake"><a href="#val-handle_handshake" class="anchor"></a><code><span><span class="keyword">val</span> handle_handshake : 
+  <span><a href="../State/index.html#type-client_handshake_state">State.client_handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_return">State.handshake_return</a>, <a href="../State/index.html#type-failure">State.failure</a>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-answer_hello_request"><a href="#val-answer_hello_request" class="anchor"></a><code><span><span class="keyword">val</span> answer_hello_request : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_return">State.handshake_return</a>, <a href="../State/index.html#type-failure">State.failure</a>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Handshake_client13/index.html b/doc/tls/Tls/Handshake_client13/index.html
new file mode 100644
index 00000000..1b7f9089
--- /dev/null
+++ b/doc/tls/Tls/Handshake_client13/index.html
@@ -0,0 +1,131 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Handshake_client13 (tls.Tls.Handshake_client13)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Handshake_client13</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Handshake_client13</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-answer_server_hello"><a href="#val-answer_server_hello" class="anchor"></a><code><span><span class="keyword">val</span> answer_server_hello : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Core/index.html#type-client_hello">Core.client_hello</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Core/index.html#type-server_hello">Core.server_hello</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>(<a href="../Core/index.html#type-group">Core.group</a>
+   * <span>[&lt; <span>`Finite_field of <span class="xref-unresolved">Mirage_crypto_pk</span>.Dh.secret</span>
+     <span><span>| `P256</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.P256.Dh.secret</span>
+     <span><span>| `P384</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.P384.Dh.secret</span>
+     <span><span>| `P521</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.P521.Dh.secret</span>
+     <span><span>| `X25519</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.X25519.secret</span> ]</span>)</span>
+    list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a>
+   * <span><span>[&gt; <span>`Change_dec of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span>
+     <span><span>| `Change_enc</span> of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span> ]</span>
+       list</span>,
+    <span>[&gt; <span>`Fatal of
+         <span>[&gt; <span>`Handshake of
+              <span>[&gt; <span>`BadDH of string</span>
+              <span><span>| `BadECDH</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.error</span>
+              <span>| `Fragments</span>
+              <span><span>| `Message</span> of string</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-answer_hello_retry_request"><a href="#val-answer_hello_retry_request" class="anchor"></a><code><span><span class="keyword">val</span> answer_hello_retry_request : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Core/index.html#type-client_hello">Core.client_hello</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Core/index.html#type-hello_retry">Core.hello_retry</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a> * <span><span>[&gt; <span>`Record of <a href="../Packet/index.html#type-content_type">Packet.content_type</a> * string</span> ]</span> list</span>,
+    <span>[&gt; <span>`Fatal of <span>[&gt; <span>`Handshake of <span>[&gt; <span>`Message of string</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-answer_encrypted_extensions"><a href="#val-answer_encrypted_extensions" class="anchor"></a><code><span><span class="keyword">val</span> answer_encrypted_extensions : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-session_data13">State.session_data13</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>[&gt; <span>`ALPN of string</span> ]</span> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a> * <span><span class="type-var">'a</span> list</span>, <span class="type-var">'b</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-answer_certificate"><a href="#val-answer_certificate" class="anchor"></a><code><span><span class="keyword">val</span> answer_certificate : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-session_data13">State.session_data13</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>(string * <span class="type-var">'a</span>)</span> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a> * <span><span class="type-var">'b</span> list</span>,
+    <span>[&gt; <span>`Error of
+         <span>[&gt; <span>`AuthenticationFailure of <span class="xref-unresolved">X509</span>.Validation.validation_error</span> ]</span></span>
+    <span><span>| `Fatal</span> of <span>[&gt; <span>`Bad_certificate of string</span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-answer_certificate_verify"><a href="#val-answer_certificate_verify" class="anchor"></a><code><span><span class="keyword">val</span> answer_certificate_verify : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-session_data13">State.session_data13</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a> * <span><span class="type-var">'a</span> list</span>,
+    <span>[&gt; <span>`Error of
+         <span>[&gt; <span>`NoConfiguredSignatureAlgorithm of <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span> ]</span></span>
+    <span><span>| `Fatal</span> of
+      <span>[&gt; <span>`Bad_certificate of string</span>
+      <span><span>| `Decode</span> of string</span>
+      <span><span>| `Handshake</span> of <span>[&gt; <span>`Message of string</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-answer_certificate_request"><a href="#val-answer_certificate_request" class="anchor"></a><code><span><span class="keyword">val</span> answer_certificate_request : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-session_data13">State.session_data13</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>[&gt; <span>`SignatureAlgorithms of <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span> ]</span> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a> * <span><span class="type-var">'a</span> list</span>, <span class="type-var">'b</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-answer_finished"><a href="#val-answer_finished" class="anchor"></a><code><span><span class="keyword">val</span> answer_finished : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-session_data13">State.session_data13</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a>
+   * <span><span>[&gt; <span>`Change_dec of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span>
+     <span><span>| `Change_enc</span> of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span>
+     <span><span>| `Record</span> of <a href="../Packet/index.html#type-content_type">Packet.content_type</a> * string</span> ]</span>
+       list</span>,
+    <span>[&gt; <span>`Error of
+         <span>[&gt; <span>`NoConfiguredSignatureAlgorithm of <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span> ]</span></span>
+    <span><span>| `Fatal</span> of
+      <span>[&gt; <span>`Bad_certificate of string</span>
+      <span><span>| `Handshake</span> of <span>[&gt; `Fragments <span><span>| `Message</span> of string</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-answer_session_ticket"><a href="#val-answer_session_ticket" class="anchor"></a><code><span><span class="keyword">val</span> answer_session_ticket : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Core/index.html#type-session_ticket">Core.session_ticket</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a> * <span><span class="type-var">'a</span> list</span>, <span class="type-var">'b</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-handle_key_update"><a href="#val-handle_key_update" class="anchor"></a><code><span><span class="keyword">val</span> handle_key_update : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Packet/index.html#type-key_update_request_type">Packet.key_update_request_type</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a>
+   * <span><span>[&gt; <span>`Change_dec of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span>
+     <span><span>| `Change_enc</span> of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span>
+     <span><span>| `Record</span> of <a href="../Packet/index.html#type-content_type">Packet.content_type</a> * string</span> ]</span>
+       list</span>,
+    <span>[&gt; <span>`Fatal of <span>[&gt; <span>`Handshake of <span>[&gt; `Fragments <span><span>| `Message</span> of string</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-handle_handshake"><a href="#val-handle_handshake" class="anchor"></a><code><span><span class="keyword">val</span> handle_handshake : 
+  <span><a href="../State/index.html#type-client13_handshake_state">State.client13_handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a>
+   * <span><span>[&gt; <span>`Change_dec of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span>
+     <span><span>| `Change_enc</span> of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span>
+     <span><span>| `Record</span> of <a href="../Packet/index.html#type-content_type">Packet.content_type</a> * string</span> ]</span>
+       list</span>,
+    <span>[&gt; <span>`Error of
+         <span>[&gt; <span>`AuthenticationFailure of <span class="xref-unresolved">X509</span>.Validation.validation_error</span>
+         <span><span>| `NoConfiguredSignatureAlgorithm</span> of <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span> ]</span></span>
+    <span><span>| `Fatal</span> of
+      <span>[&gt; <span>`Bad_certificate of string</span>
+      <span><span>| `Decode</span> of string</span>
+      <span><span>| `Handshake</span> of
+        <span>[&gt; <span>`BadDH of string</span>
+        <span><span>| `BadECDH</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.error</span>
+        <span>| `Fragments</span>
+        <span><span>| `Message</span> of string</span> ]</span></span>
+      <span><span>| `Unexpected</span> of <span>[&gt; <span>`Handshake of <a href="../Core/index.html#type-tls_handshake">Core.tls_handshake</a></span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Handshake_common/Group/index.html b/doc/tls/Tls/Handshake_common/Group/index.html
new file mode 100644
index 00000000..08f837b0
--- /dev/null
+++ b/doc/tls/Tls/Handshake_common/Group/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Group (tls.Tls.Handshake_common.Group)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls</a> &#x00BB; <a href="../../index.html">Tls</a> &#x00BB; <a href="../index.html">Handshake_common</a> &#x00BB; Group</nav><header class="odoc-preamble"><h1>Module <code><span>Handshake_common.Group</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = <a href="../../Packet/index.html#type-named_group">Packet.named_group</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-compare"><a href="#val-compare" class="anchor"></a><code><span><span class="keyword">val</span> compare : <span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span> <span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Handshake_common/GroupSet/index.html b/doc/tls/Tls/Handshake_common/GroupSet/index.html
new file mode 100644
index 00000000..021a3ba2
--- /dev/null
+++ b/doc/tls/Tls/Handshake_common/GroupSet/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>GroupSet (tls.Tls.Handshake_common.GroupSet)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls</a> &#x00BB; <a href="../../index.html">Tls</a> &#x00BB; <a href="../index.html">Handshake_common</a> &#x00BB; GroupSet</nav><header class="odoc-preamble"><h1>Module <code><span>Handshake_common.GroupSet</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-elt"><a href="#type-elt" class="anchor"></a><code><span><span class="keyword">type</span> elt</span><span> = <a href="../Group/index.html#type-t">Group.t</a></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-t"><a href="#type-t" class="anchor"></a><code><span><span class="keyword">type</span> t</span><span> = <span class="xref-unresolved">Stdlib__Set</span>.Make(<span class="xref-unresolved">Group</span>).t</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-empty"><a href="#val-empty" class="anchor"></a><code><span><span class="keyword">val</span> empty : <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-add"><a href="#val-add" class="anchor"></a><code><span><span class="keyword">val</span> add : <span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-singleton"><a href="#val-singleton" class="anchor"></a><code><span><span class="keyword">val</span> singleton : <span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-remove"><a href="#val-remove" class="anchor"></a><code><span><span class="keyword">val</span> remove : <span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-union"><a href="#val-union" class="anchor"></a><code><span><span class="keyword">val</span> union : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-inter"><a href="#val-inter" class="anchor"></a><code><span><span class="keyword">val</span> inter : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-disjoint"><a href="#val-disjoint" class="anchor"></a><code><span><span class="keyword">val</span> disjoint : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-diff"><a href="#val-diff" class="anchor"></a><code><span><span class="keyword">val</span> diff : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-cardinal"><a href="#val-cardinal" class="anchor"></a><code><span><span class="keyword">val</span> cardinal : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-elements"><a href="#val-elements" class="anchor"></a><code><span><span class="keyword">val</span> elements : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-elt">elt</a> list</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-min_elt"><a href="#val-min_elt" class="anchor"></a><code><span><span class="keyword">val</span> min_elt : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-elt">elt</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-min_elt_opt"><a href="#val-min_elt_opt" class="anchor"></a><code><span><span class="keyword">val</span> min_elt_opt : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-elt">elt</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-max_elt"><a href="#val-max_elt" class="anchor"></a><code><span><span class="keyword">val</span> max_elt : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-elt">elt</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-max_elt_opt"><a href="#val-max_elt_opt" class="anchor"></a><code><span><span class="keyword">val</span> max_elt_opt : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-elt">elt</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-choose"><a href="#val-choose" class="anchor"></a><code><span><span class="keyword">val</span> choose : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-elt">elt</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-choose_opt"><a href="#val-choose_opt" class="anchor"></a><code><span><span class="keyword">val</span> choose_opt : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-elt">elt</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-find"><a href="#val-find" class="anchor"></a><code><span><span class="keyword">val</span> find : <span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-elt">elt</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-find_opt"><a href="#val-find_opt" class="anchor"></a><code><span><span class="keyword">val</span> find_opt : <span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-elt">elt</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-find_first"><a href="#val-find_first" class="anchor"></a><code><span><span class="keyword">val</span> find_first : <span><span>(<span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> bool)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-elt">elt</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-find_first_opt"><a href="#val-find_first_opt" class="anchor"></a><code><span><span class="keyword">val</span> find_first_opt : <span><span>(<span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> bool)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-elt">elt</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-find_last"><a href="#val-find_last" class="anchor"></a><code><span><span class="keyword">val</span> find_last : <span><span>(<span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> bool)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-elt">elt</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-find_last_opt"><a href="#val-find_last_opt" class="anchor"></a><code><span><span class="keyword">val</span> find_last_opt : <span><span>(<span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> bool)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-elt">elt</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-iter"><a href="#val-iter" class="anchor"></a><code><span><span class="keyword">val</span> iter : <span><span>(<span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> unit)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-fold"><a href="#val-fold" class="anchor"></a><code><span><span class="keyword">val</span> fold : <span><span>(<span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="type-var">'acc</span> <span class="arrow">&#45;&gt;</span></span> <span class="type-var">'acc</span>)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="type-var">'acc</span> <span class="arrow">&#45;&gt;</span></span> <span class="type-var">'acc</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-map"><a href="#val-map" class="anchor"></a><code><span><span class="keyword">val</span> map : <span><span>(<span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-elt">elt</a>)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-filter"><a href="#val-filter" class="anchor"></a><code><span><span class="keyword">val</span> filter : <span><span>(<span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> bool)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-filter_map"><a href="#val-filter_map" class="anchor"></a><code><span><span class="keyword">val</span> filter_map : <span><span>(<span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-elt">elt</a> option</span>)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-partition"><a href="#val-partition" class="anchor"></a><code><span><span class="keyword">val</span> partition : <span><span>(<span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> bool)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a> * <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-split"><a href="#val-split" class="anchor"></a><code><span><span class="keyword">val</span> split : <span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a> * bool * <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-is_empty"><a href="#val-is_empty" class="anchor"></a><code><span><span class="keyword">val</span> is_empty : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-mem"><a href="#val-mem" class="anchor"></a><code><span><span class="keyword">val</span> mem : <span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-equal"><a href="#val-equal" class="anchor"></a><code><span><span class="keyword">val</span> equal : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-compare"><a href="#val-compare" class="anchor"></a><code><span><span class="keyword">val</span> compare : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-subset"><a href="#val-subset" class="anchor"></a><code><span><span class="keyword">val</span> subset : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-for_all"><a href="#val-for_all" class="anchor"></a><code><span><span class="keyword">val</span> for_all : <span><span>(<span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> bool)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-exists"><a href="#val-exists" class="anchor"></a><code><span><span class="keyword">val</span> exists : <span><span>(<span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> bool)</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-to_list"><a href="#val-to_list" class="anchor"></a><code><span><span class="keyword">val</span> to_list : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-elt">elt</a> list</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-of_list"><a href="#val-of_list" class="anchor"></a><code><span><span class="keyword">val</span> of_list : <span><span><a href="#type-elt">elt</a> list</span> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-to_seq_from"><a href="#val-to_seq_from" class="anchor"></a><code><span><span class="keyword">val</span> to_seq_from : <span><a href="#type-elt">elt</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-elt">elt</a> <span class="xref-unresolved">Stdlib</span>.Seq.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-to_seq"><a href="#val-to_seq" class="anchor"></a><code><span><span class="keyword">val</span> to_seq : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-elt">elt</a> <span class="xref-unresolved">Stdlib</span>.Seq.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-to_rev_seq"><a href="#val-to_rev_seq" class="anchor"></a><code><span><span class="keyword">val</span> to_rev_seq : <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-elt">elt</a> <span class="xref-unresolved">Stdlib</span>.Seq.t</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-add_seq"><a href="#val-add_seq" class="anchor"></a><code><span><span class="keyword">val</span> add_seq : <span><span><a href="#type-elt">elt</a> <span class="xref-unresolved">Stdlib</span>.Seq.t</span> <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-t">t</a> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-of_seq"><a href="#val-of_seq" class="anchor"></a><code><span><span class="keyword">val</span> of_seq : <span><span><a href="#type-elt">elt</a> <span class="xref-unresolved">Stdlib</span>.Seq.t</span> <span class="arrow">&#45;&gt;</span></span> <a href="#type-t">t</a></span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Handshake_common/index.html b/doc/tls/Tls/Handshake_common/index.html
new file mode 100644
index 00000000..8dfed82b
--- /dev/null
+++ b/doc/tls/Tls/Handshake_common/index.html
@@ -0,0 +1,254 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Handshake_common (tls.Tls.Handshake_common)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Handshake_common</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Handshake_common</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-src"><a href="#val-src" class="anchor"></a><code><span><span class="keyword">val</span> src : <span class="xref-unresolved">Logs</span>.src</span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Log"><a href="#module-Log" class="anchor"></a><code><span><span class="keyword">module</span> Log</span><span> : <span class="xref-unresolved">Logs</span>.LOG</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-trace_cipher"><a href="#val-trace_cipher" class="anchor"></a><code><span><span class="keyword">val</span> trace_cipher : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span>
+  <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+  <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+  <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+  <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_128_CCM</span>
+  <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+  <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+  <span>| `RSA_WITH_AES_256_CCM</span>
+  <span>| `RSA_WITH_AES_256_GCM_SHA384</span> AES_128_CCM_SHA256 AES_128_GCM_SHA256 AES_256_GCM_SHA384 CHACHA20_POLY1305_SHA256 ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-empty"><a href="#val-empty" class="anchor"></a><code><span><span class="keyword">val</span> empty : <span><span><span class="type-var">'a</span> list</span> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-change_cipher_spec"><a href="#val-change_cipher_spec" class="anchor"></a><code><span><span class="keyword">val</span> change_cipher_spec : <a href="../Packet/index.html#type-content_type">Packet.content_type</a> * string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-hostname"><a href="#val-hostname" class="anchor"></a><code><span><span class="keyword">val</span> hostname : <span><a href="../Core/index.html#type-client_hello">Core.client_hello</a> <span class="arrow">&#45;&gt;</span></span> <span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-groups"><a href="#val-groups" class="anchor"></a><code><span><span class="keyword">val</span> groups : 
+  <span><a href="../Core/index.html#type-client_hello">Core.client_hello</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&gt; `FFDHE2048
+  <span>| `FFDHE3072</span>
+  <span>| `FFDHE4096</span>
+  <span>| `FFDHE6144</span>
+  <span>| `FFDHE8192</span>
+  <span>| `P256</span>
+  <span>| `P384</span>
+  <span>| `P521</span>
+  <span>| `X25519</span> ]</span>
+    list</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-find_matching"><a href="#val-find_matching" class="anchor"></a><code><span><span class="keyword">val</span> find_matching : 
+  <span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>(<span><span class="xref-unresolved">X509</span>.Certificate.t list</span> * <span class="type-var">'a</span>)</span> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span><span class="xref-unresolved">X509</span>.Certificate.t list</span> * <span class="type-var">'a</span>)</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-agreed_cert"><a href="#val-agreed_cert" class="anchor"></a><code><span><span class="keyword">val</span> agreed_cert : 
+  <span><span>[&lt; <span>`Multiple of
+       <span><span>(<span><span class="xref-unresolved">X509</span>.Certificate.t list</span>
+        * <span>[&gt; <span>`ED25519 of <span class="type-var">'b</span></span>
+          <span><span>| `P256</span> of <span class="type-var">'c</span></span>
+          <span><span>| `P384</span> of <span class="type-var">'d</span></span>
+          <span><span>| `P521</span> of <span class="type-var">'e</span></span>
+          <span><span>| `RSA</span> of <span class="type-var">'f</span></span> ]</span> <span class="keyword">as</span> 'a)</span>
+         list</span></span>
+  <span><span>| `Multiple_default</span> of
+    <span>(<span><span class="xref-unresolved">X509</span>.Certificate.t list</span> * <span class="type-var">'g</span>)</span> * <span><span>(<span><span class="xref-unresolved">X509</span>.Certificate.t list</span> * <span class="type-var">'h</span>)</span> list</span></span>
+  <span>| `None</span>
+  <span><span>| `Single</span> of <span><span class="xref-unresolved">X509</span>.Certificate.t list</span> * <span class="type-var">'g</span></span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?f</span>:<span>(<span><span class="xref-unresolved">X509</span>.Certificate.t <span class="arrow">&#45;&gt;</span></span> bool)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?signature_algorithms</span>:
+    <span><span>[&lt; `ECDSA_SECP256R1_SHA1
+    <span>| `ECDSA_SECP256R1_SHA256</span>
+    <span>| `ECDSA_SECP384R1_SHA384</span>
+    <span>| `ECDSA_SECP521R1_SHA512</span>
+    <span>| `ED25519</span>
+    <span>| `RSA_PKCS1_MD5</span>
+    <span>| `RSA_PKCS1_SHA1</span>
+    <span>| `RSA_PKCS1_SHA224</span>
+    <span>| `RSA_PKCS1_SHA256</span>
+    <span>| `RSA_PKCS1_SHA384</span>
+    <span>| `RSA_PKCS1_SHA512</span>
+    <span>| `RSA_PSS_RSAENC_SHA256</span>
+    <span>| `RSA_PSS_RSAENC_SHA384</span>
+    <span>| `RSA_PSS_RSAENC_SHA512</span> ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ED25519 ]</span>
+      list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span><span class="xref-unresolved">X509</span>.Certificate.t list</span> * <span class="type-var">'g</span>,
+    <span>[&gt; <span>`Error of
+         <span>[&gt; `CouldntSelectCertificate <span><span>| `NoMatchingCertificateFound</span> of string</span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-get_secure_renegotiation"><a href="#val-get_secure_renegotiation" class="anchor"></a><code><span><span class="keyword">val</span> get_secure_renegotiation : 
+  <span><span><span>[&gt; <span>`SecureRenegotiation of <span class="type-var">'a</span></span> ]</span> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="type-var">'b</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-get_alpn_protocols"><a href="#val-get_alpn_protocols" class="anchor"></a><code><span><span class="keyword">val</span> get_alpn_protocols : <span><a href="../Core/index.html#type-client_hello">Core.client_hello</a> <span class="arrow">&#45;&gt;</span></span> <span><span>string list</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-alpn_protocol"><a href="#val-alpn_protocol" class="anchor"></a><code><span><span class="keyword">val</span> alpn_protocol : 
+  <span><a href="../Config/index.html#type-config">Config.config</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Core/index.html#type-client_hello">Core.client_hello</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span>string option</span>, <span>[&gt; <span>`Fatal of <span>[&gt; `No_application_protocol ]</span></span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-get_alpn_protocol"><a href="#val-get_alpn_protocol" class="anchor"></a><code><span><span class="keyword">val</span> get_alpn_protocol : <span><a href="../Core/index.html#type-server_hello">Core.server_hello</a> <span class="arrow">&#45;&gt;</span></span> <span>string option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-empty_common_session_data"><a href="#val-empty_common_session_data" class="anchor"></a><code><span><span class="keyword">val</span> empty_common_session_data : <a href="../State/index.html#type-common_session_data">State.common_session_data</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-empty_session"><a href="#val-empty_session" class="anchor"></a><code><span><span class="keyword">val</span> empty_session : <a href="../State/index.html#type-session_data">State.session_data</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-empty_session13"><a href="#val-empty_session13" class="anchor"></a><code><span><span class="keyword">val</span> empty_session13 : <span><a href="../Ciphersuite/index.html#type-ciphersuite13">Ciphersuite.ciphersuite13</a> <span class="arrow">&#45;&gt;</span></span> <a href="../State/index.html#type-session_data13">State.session_data13</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-common_session_data_of_epoch"><a href="#val-common_session_data_of_epoch" class="anchor"></a><code><span><span class="keyword">val</span> common_session_data_of_epoch : 
+  <span><a href="../Core/index.html#type-epoch_data">Core.epoch_data</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-common_session_data">State.common_session_data</a> <span class="arrow">&#45;&gt;</span></span>
+  <a href="../State/index.html#type-common_session_data">State.common_session_data</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-session_of_epoch"><a href="#val-session_of_epoch" class="anchor"></a><code><span><span class="keyword">val</span> session_of_epoch : <span><a href="../Core/index.html#type-epoch_data">Core.epoch_data</a> <span class="arrow">&#45;&gt;</span></span> <a href="../State/index.html#type-session_data">State.session_data</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-session13_of_epoch"><a href="#val-session13_of_epoch" class="anchor"></a><code><span><span class="keyword">val</span> session13_of_epoch : 
+  <span><a href="../Ciphersuite/index.html#type-ciphersuite13">Ciphersuite.ciphersuite13</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Core/index.html#type-epoch_data">Core.epoch_data</a> <span class="arrow">&#45;&gt;</span></span>
+  <a href="../State/index.html#type-session_data13">State.session_data13</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-supported_protocol_version"><a href="#val-supported_protocol_version" class="anchor"></a><code><span><span class="keyword">val</span> supported_protocol_version : 
+  <span><span>(<span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span>
+   * <span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span>)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> <span class="keyword">as</span> 'a <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="type-var">'b</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-to_client_ext_type"><a href="#val-to_client_ext_type" class="anchor"></a><code><span><span class="keyword">val</span> to_client_ext_type : 
+  <span><span>[&lt; <span>`ALPN of <span class="type-var">'a</span></span>
+  <span><span>| `Cookie</span> of <span class="type-var">'b</span></span>
+  <span><span>| `Draft</span> of <span class="type-var">'c</span></span>
+  <span>| `ECPointFormats</span>
+  <span>| `EarlyDataIndication</span>
+  <span>| `ExtendedMasterSecret</span>
+  <span><span>| `Hostname</span> of <span class="type-var">'d</span></span>
+  <span><span>| `KeyShare</span> of <span class="type-var">'e</span></span>
+  <span><span>| `MaxFragmentLength</span> of <span class="type-var">'f</span></span>
+  <span><span>| `Padding</span> of <span class="type-var">'g</span></span>
+  <span>| `PostHandshakeAuthentication</span>
+  <span><span>| `PreSharedKeys</span> of <span class="type-var">'h</span></span>
+  <span><span>| `PskKeyExchangeModes</span> of <span class="type-var">'i</span></span>
+  <span><span>| `SecureRenegotiation</span> of <span class="type-var">'j</span></span>
+  <span><span>| `SignatureAlgorithms</span> of <span class="type-var">'k</span></span>
+  <span><span>| `SupportedGroups</span> of <span class="type-var">'l</span></span>
+  <span><span>| `SupportedVersions</span> of <span class="type-var">'m</span></span>
+  <span><span>| `UnknownExtension</span> of <span class="type-var">'n</span></span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>[&gt; `ALPN
+  <span>| `Cookie</span>
+  <span>| `Draft</span>
+  <span>| `ECPointFormats</span>
+  <span>| `EarlyDataIndication</span>
+  <span>| `ExtendedMasterSecret</span>
+  <span>| `Hostname</span>
+  <span>| `KeyShare</span>
+  <span>| `MaxFragmentLength</span>
+  <span>| `Padding</span>
+  <span>| `PostHandshakeAuthentication</span>
+  <span>| `PreSharedKey</span>
+  <span>| `PskKeyExchangeMode</span>
+  <span>| `SecureRenegotiation</span>
+  <span>| `SignatureAlgorithms</span>
+  <span>| `SupportedGroups</span>
+  <span>| `SupportedVersion</span>
+  <span>| `UnknownExtension</span> ]</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-to_server_ext_type"><a href="#val-to_server_ext_type" class="anchor"></a><code><span><span class="keyword">val</span> to_server_ext_type : 
+  <span><span>[&lt; <span>`ALPN of <span class="type-var">'a</span></span>
+  <span><span>| `Draft</span> of <span class="type-var">'b</span></span>
+  <span>| `ECPointFormats</span>
+  <span>| `EarlyDataIndication</span>
+  <span>| `ExtendedMasterSecret</span>
+  <span>| `Hostname</span>
+  <span><span>| `KeyShare</span> of <span class="type-var">'c</span></span>
+  <span><span>| `MaxFragmentLength</span> of <span class="type-var">'d</span></span>
+  <span><span>| `PreSharedKey</span> of <span class="type-var">'e</span></span>
+  <span><span>| `SecureRenegotiation</span> of <span class="type-var">'f</span></span>
+  <span><span>| `SelectedVersion</span> of <span class="type-var">'g</span></span>
+  <span><span>| `UnknownExtension</span> of <span class="type-var">'h</span></span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>[&gt; `ALPN
+  <span>| `Draft</span>
+  <span>| `ECPointFormats</span>
+  <span>| `EarlyDataIndication</span>
+  <span>| `ExtendedMasterSecret</span>
+  <span>| `Hostname</span>
+  <span>| `KeyShare</span>
+  <span>| `MaxFragmentLength</span>
+  <span>| `PreSharedKey</span>
+  <span>| `SecureRenegotiation</span>
+  <span>| `SupportedVersion</span>
+  <span>| `UnknownExtension</span> ]</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-extension_types"><a href="#val-extension_types" class="anchor"></a><code><span><span class="keyword">val</span> extension_types : 
+  <span><span>(<span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span> <span>[&gt; `UnknownExtension ]</span> <span class="keyword">as</span> 'b)</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span class="type-var">'a</span> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="type-var">'c</span> list</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-server_exts_subset_of_client"><a href="#val-server_exts_subset_of_client" class="anchor"></a><code><span><span class="keyword">val</span> server_exts_subset_of_client : 
+  <span><span><span>[&lt; <span>`ALPN of <span class="type-var">'a</span></span>
+  <span><span>| `Draft</span> of <span class="type-var">'b</span></span>
+  <span>| `ECPointFormats</span>
+  <span>| `EarlyDataIndication</span>
+  <span>| `ExtendedMasterSecret</span>
+  <span>| `Hostname</span>
+  <span><span>| `KeyShare</span> of <span class="type-var">'c</span></span>
+  <span><span>| `MaxFragmentLength</span> of <span class="type-var">'d</span></span>
+  <span><span>| `PreSharedKey</span> of <span class="type-var">'e</span></span>
+  <span><span>| `SecureRenegotiation</span> of <span class="type-var">'f</span></span>
+  <span><span>| `SelectedVersion</span> of <span class="type-var">'g</span></span>
+  <span><span>| `UnknownExtension</span> of <span class="type-var">'h</span></span> ]</span>
+    list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span>[&lt; <span>`ALPN of <span class="type-var">'i</span></span>
+  <span><span>| `Cookie</span> of <span class="type-var">'j</span></span>
+  <span><span>| `Draft</span> of <span class="type-var">'k</span></span>
+  <span>| `ECPointFormats</span>
+  <span>| `EarlyDataIndication</span>
+  <span>| `ExtendedMasterSecret</span>
+  <span><span>| `Hostname</span> of <span class="type-var">'l</span></span>
+  <span><span>| `KeyShare</span> of <span class="type-var">'m</span></span>
+  <span><span>| `MaxFragmentLength</span> of <span class="type-var">'n</span></span>
+  <span><span>| `Padding</span> of <span class="type-var">'o</span></span>
+  <span>| `PostHandshakeAuthentication</span>
+  <span><span>| `PreSharedKeys</span> of <span class="type-var">'p</span></span>
+  <span><span>| `PskKeyExchangeModes</span> of <span class="type-var">'q</span></span>
+  <span><span>| `SecureRenegotiation</span> of <span class="type-var">'r</span></span>
+  <span><span>| `SignatureAlgorithms</span> of <span class="type-var">'s</span></span>
+  <span><span>| `SupportedGroups</span> of <span class="type-var">'t</span></span>
+  <span><span>| `SupportedVersions</span> of <span class="type-var">'u</span></span>
+  <span><span>| `UnknownExtension</span> of <span class="type-var">'v</span></span> ]</span>
+    list</span> <span class="arrow">&#45;&gt;</span></span>
+  bool</span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Group"><a href="#module-Group" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Group/index.html">Group</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-GroupSet"><a href="#module-GroupSet" class="anchor"></a><code><span><span class="keyword">module</span> <a href="GroupSet/index.html">GroupSet</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-of_list"><a href="#val-of_list" class="anchor"></a><code><span><span class="keyword">val</span> of_list : <span><span><a href="GroupSet/index.html#type-elt">GroupSet.elt</a> list</span> <span class="arrow">&#45;&gt;</span></span> <a href="GroupSet/index.html#type-t">GroupSet.t</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-client_hello_valid"><a href="#val-client_hello_valid" class="anchor"></a><code><span><span class="keyword">val</span> client_hello_valid : 
+  <span><span>[&lt; `SSL_3 <span>| `TLS_1_0</span> <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> <span><span>| `TLS_1_X</span> of <span class="type-var">'a</span></span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Core/index.html#type-client_hello">Core.client_hello</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(unit,
+    <span>[&gt; <span>`Fatal of
+         <span>[&gt; <span>`Handshake of <span>[&gt; <span>`Message of string</span> ]</span></span>
+         <span><span>| `Missing_extension</span> of string</span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-server_hello_valid"><a href="#val-server_hello_valid" class="anchor"></a><code><span><span class="keyword">val</span> server_hello_valid : <span><a href="../Core/index.html#type-server_hello">Core.server_hello</a> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-to_sign_1_3"><a href="#val-to_sign_1_3" class="anchor"></a><code><span><span class="keyword">val</span> to_sign_1_3 : <span><span>string option</span> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-signature"><a href="#val-signature" class="anchor"></a><code><span><span class="keyword">val</span> signature : 
+  <span><span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?context_string</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">X509</span>.Private_key.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(string,
+    <span>[&gt; <span>`Error of
+         <span>[&gt; <span>`NoConfiguredSignatureAlgorithm of <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span> ]</span></span>
+    <span><span>| `Fatal</span> of
+      <span>[&gt; <span>`Bad_certificate of string</span> <span><span>| `Handshake</span> of <span>[&gt; <span>`Message of string</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-peer_key"><a href="#val-peer_key" class="anchor"></a><code><span><span class="keyword">val</span> peer_key : 
+  <span><span><span class="xref-unresolved">X509</span>.Certificate.t option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span class="xref-unresolved">X509</span>.Public_key.t, <span>[&gt; <span>`Fatal of <span>[&gt; <span>`Bad_certificate of string</span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-verify_digitally_signed"><a href="#val-verify_digitally_signed" class="anchor"></a><code><span><span class="keyword">val</span> verify_digitally_signed : 
+  <span><span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?context_string</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span><span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span class="xref-unresolved">X509</span>.Certificate.t option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(unit,
+    <span>[&gt; <span>`Error of
+         <span>[&gt; <span>`NoConfiguredSignatureAlgorithm of <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span> ]</span></span>
+    <span><span>| `Fatal</span> of
+      <span>[&gt; <span>`Bad_certificate of string</span>
+      <span><span>| `Decode</span> of string</span>
+      <span><span>| `Handshake</span> of <span>[&gt; <span>`Message of string</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-validate_chain"><a href="#val-validate_chain" class="anchor"></a><code><span><span class="keyword">val</span> validate_chain : 
+  <span><span><span>(<span><span class="optlabel">?ip</span>:<span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span>
+    <span><span class="label">host</span>:<span class="type-var">'b</span> <span class="arrow">&#45;&gt;</span></span>
+    <span><span><span class="xref-unresolved">X509</span>.Certificate.t list</span> <span class="arrow">&#45;&gt;</span></span>
+    <span><span>(<span><span>(<span><span class="type-var">'c</span> list</span> * <span class="type-var">'d</span>)</span> option</span>, <span class="type-var">'e</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span>)</span>
+    option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>string list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span class="type-var">'a</span> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="type-var">'f</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span><span class="xref-unresolved">X509</span>.Certificate.t option</span> * <span><span class="xref-unresolved">X509</span>.Certificate.t list</span> * <span><span class="type-var">'c</span> list</span> * <span><span class="type-var">'g</span> option</span>,
+    <span>[&gt; <span>`Error of <span>[&gt; <span>`AuthenticationFailure of <span class="type-var">'e</span></span> ]</span></span>
+    <span><span>| `Fatal</span> of <span>[&gt; <span>`Bad_certificate of string</span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-output_key_update"><a href="#val-output_key_update" class="anchor"></a><code><span><span class="keyword">val</span> output_key_update : 
+  <span><span class="label">request</span>:bool <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-state">State.state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-state">State.state</a> * <span>(<a href="../Packet/index.html#type-content_type">Packet.content_type</a> * string)</span>,
+    <span>[&gt; <span>`Fatal of <span>[&gt; <span>`Handshake of <span>[&gt; <span>`Message of string</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Handshake_crypto/index.html b/doc/tls/Tls/Handshake_crypto/index.html
new file mode 100644
index 00000000..891c9f29
--- /dev/null
+++ b/doc/tls/Tls/Handshake_crypto/index.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Handshake_crypto (tls.Tls.Handshake_crypto)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Handshake_crypto</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Handshake_crypto</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-derive_master_secret"><a href="#val-derive_master_secret" class="anchor"></a><code><span><span class="keyword">val</span> derive_master_secret : 
+  <span><a href="../Core/index.html#type-tls_before_13">Core.tls_before_13</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-session_data">State.session_data</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>string list</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="../Core/index.html#type-master_secret">Core.master_secret</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-initialise_crypto_ctx"><a href="#val-initialise_crypto_ctx" class="anchor"></a><code><span><span class="keyword">val</span> initialise_crypto_ctx : 
+  <span><a href="../Core/index.html#type-tls_before_13">Core.tls_before_13</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-session_data">State.session_data</a> <span class="arrow">&#45;&gt;</span></span>
+  <a href="../State/index.html#type-crypto_context">State.crypto_context</a> * <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-finished"><a href="#val-finished" class="anchor"></a><code><span><span class="keyword">val</span> finished : 
+  <span><a href="../Core/index.html#type-tls_before_13">Core.tls_before_13</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>string list</span> <span class="arrow">&#45;&gt;</span></span>
+  string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pseudo_random_function"><a href="#val-pseudo_random_function" class="anchor"></a><code><span><span class="keyword">val</span> pseudo_random_function : 
+  <span><a href="../Core/index.html#type-tls_before_13">Core.tls_before_13</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>int <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  string</span></code></div><div class="spec-doc"><p><code>pseudo_random_function version cipher length secret label seed</code></p></div></div></div></body></html>
diff --git a/doc/tls/Tls/Handshake_crypto13/index.html b/doc/tls/Tls/Handshake_crypto13/index.html
new file mode 100644
index 00000000..4bf9d008
--- /dev/null
+++ b/doc/tls/Tls/Handshake_crypto13/index.html
@@ -0,0 +1,57 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Handshake_crypto13 (tls.Tls.Handshake_crypto13)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Handshake_crypto13</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Handshake_crypto13</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-cdiv"><a href="#val-cdiv" class="anchor"></a><code><span><span class="keyword">val</span> cdiv : <span>int <span class="arrow">&#45;&gt;</span></span> <span>int <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-left_pad_dh"><a href="#val-left_pad_dh" class="anchor"></a><code><span><span class="keyword">val</span> left_pad_dh : <span><span class="xref-unresolved">Mirage_crypto_pk</span>.Dh.group <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-not_all_zero"><a href="#val-not_all_zero" class="anchor"></a><code><span><span class="keyword">val</span> not_all_zero : 
+  <span><span><span>(string, <span>[&gt; <span>`Fatal of <span>[&gt; <span>`Handshake of <span>[&gt; <span>`BadDH of string</span> ]</span></span> ]</span></span> ]</span> <span class="keyword">as</span> 'a)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(string, <span class="type-var">'a</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-dh_shared"><a href="#val-dh_shared" class="anchor"></a><code><span><span class="keyword">val</span> dh_shared : 
+  <span><span>[&lt; <span>`Finite_field of <span class="xref-unresolved">Mirage_crypto_pk</span>.Dh.secret</span>
+  <span><span>| `P256</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.P256.Dh.secret</span>
+  <span><span>| `P384</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.P384.Dh.secret</span>
+  <span><span>| `P521</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.P521.Dh.secret</span>
+  <span><span>| `X25519</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.X25519.secret</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(string,
+    <span>[&gt; <span>`Fatal of
+         <span>[&gt; <span>`Handshake of
+              <span>[&gt; <span>`BadDH of string</span> <span><span>| `BadECDH</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.error</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-dh_gen_key"><a href="#val-dh_gen_key" class="anchor"></a><code><span><span class="keyword">val</span> dh_gen_key : 
+  <span><span>[&lt; `FFDHE2048
+  <span>| `FFDHE3072</span>
+  <span>| `FFDHE4096</span>
+  <span>| `FFDHE6144</span>
+  <span>| `FFDHE8192</span>
+  <span>| `P256</span>
+  <span>| `P384</span>
+  <span>| `P521</span>
+  <span>| `X25519</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>[&gt; <span>`Finite_field of <span class="xref-unresolved">Mirage_crypto_pk</span>.Dh.secret</span>
+  <span><span>| `P256</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.P256.Dh.secret</span>
+  <span><span>| `P384</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.P384.Dh.secret</span>
+  <span><span>| `P521</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.P521.Dh.secret</span>
+  <span><span>| `X25519</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.X25519.secret</span> ]</span>
+  * string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-trace"><a href="#val-trace" class="anchor"></a><code><span><span class="keyword">val</span> trace : <span>string <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_hash_k_n"><a href="#val-pp_hash_k_n" class="anchor"></a><code><span><span class="keyword">val</span> pp_hash_k_n : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="../Ciphersuite/index.html#type-aead_cipher">Ciphersuite.aead_cipher</a> * <span>[&gt; `SHA256 <span>| `SHA384</span> ]</span> * int * int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-hkdflabel"><a href="#val-hkdflabel" class="anchor"></a><code><span><span class="keyword">val</span> hkdflabel : <span>string <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <span>int <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-derive_secret_no_hash"><a href="#val-derive_secret_no_hash" class="anchor"></a><code><span><span class="keyword">val</span> derive_secret_no_hash : 
+  <span><span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?length</span>:int <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="optlabel">?ctx</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-derive_secret"><a href="#val-derive_secret" class="anchor"></a><code><span><span class="keyword">val</span> derive_secret : <span><a href="../State/index.html#type-kdf">State.kdf</a> <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-empty"><a href="#val-empty" class="anchor"></a><code><span><span class="keyword">val</span> empty : <span><a href="../Ciphersuite/index.html#type-ciphersuite13">Ciphersuite.ciphersuite13</a> <span class="arrow">&#45;&gt;</span></span> <a href="../State/index.html#type-kdf">State.kdf</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-derive"><a href="#val-derive" class="anchor"></a><code><span><span class="keyword">val</span> derive : <span><a href="../State/index.html#type-kdf">State.kdf</a> <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <a href="../State/index.html#type-kdf">State.kdf</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-traffic_key"><a href="#val-traffic_key" class="anchor"></a><code><span><span class="keyword">val</span> traffic_key : 
+  <span><span>[&lt; `AES_128_CCM_SHA256
+  <span>| `AES_128_GCM_SHA256</span>
+  <span>| `AES_256_GCM_SHA384</span>
+  <span>| `CHACHA20_POLY1305_SHA256</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  string * string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ctx"><a href="#val-ctx" class="anchor"></a><code><span><span class="keyword">val</span> ctx : <span><a href="../State/index.html#type-kdf">State.kdf</a> <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-early_traffic"><a href="#val-early_traffic" class="anchor"></a><code><span><span class="keyword">val</span> early_traffic : 
+  <span><a href="../State/index.html#type-kdf">State.kdf</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  string * <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-hs_ctx"><a href="#val-hs_ctx" class="anchor"></a><code><span><span class="keyword">val</span> hs_ctx : 
+  <span><a href="../State/index.html#type-kdf">State.kdf</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  string * <a href="../State/index.html#type-crypto_context">State.crypto_context</a> * string * <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-app_ctx"><a href="#val-app_ctx" class="anchor"></a><code><span><span class="keyword">val</span> app_ctx : 
+  <span><a href="../State/index.html#type-kdf">State.kdf</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  string * <a href="../State/index.html#type-crypto_context">State.crypto_context</a> * string * <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-app_secret_n_1"><a href="#val-app_secret_n_1" class="anchor"></a><code><span><span class="keyword">val</span> app_secret_n_1 : <span><a href="../State/index.html#type-kdf">State.kdf</a> <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> string * <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-exporter"><a href="#val-exporter" class="anchor"></a><code><span><span class="keyword">val</span> exporter : <span><a href="../State/index.html#type-kdf">State.kdf</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-resumption"><a href="#val-resumption" class="anchor"></a><code><span><span class="keyword">val</span> resumption : <span><a href="../State/index.html#type-kdf">State.kdf</a> <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-res_secret"><a href="#val-res_secret" class="anchor"></a><code><span><span class="keyword">val</span> res_secret : <span><span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-finished"><a href="#val-finished" class="anchor"></a><code><span><span class="keyword">val</span> finished : <span><span class="xref-unresolved">Digestif</span>.hash' <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Handshake_server/index.html b/doc/tls/Tls/Handshake_server/index.html
new file mode 100644
index 00000000..f71f106f
--- /dev/null
+++ b/doc/tls/Tls/Handshake_server/index.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Handshake_server (tls.Tls.Handshake_server)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Handshake_server</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Handshake_server</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-hello_request"><a href="#val-hello_request" class="anchor"></a><code><span><span class="keyword">val</span> hello_request : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_return">State.handshake_return</a>, <a href="../State/index.html#type-failure">State.failure</a>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-handle_change_cipher_spec"><a href="#val-handle_change_cipher_spec" class="anchor"></a><code><span><span class="keyword">val</span> handle_change_cipher_spec : 
+  <span><a href="../State/index.html#type-server_handshake_state">State.server_handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_return">State.handshake_return</a>, <a href="../State/index.html#type-failure">State.failure</a>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-handle_handshake"><a href="#val-handle_handshake" class="anchor"></a><code><span><span class="keyword">val</span> handle_handshake : 
+  <span><a href="../State/index.html#type-server_handshake_state">State.server_handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_return">State.handshake_return</a>, <a href="../State/index.html#type-failure">State.failure</a>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Handshake_server13/index.html b/doc/tls/Tls/Handshake_server13/index.html
new file mode 100644
index 00000000..15af97fd
--- /dev/null
+++ b/doc/tls/Tls/Handshake_server13/index.html
@@ -0,0 +1,123 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Handshake_server13 (tls.Tls.Handshake_server13)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Handshake_server13</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Handshake_server13</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-answer_client_hello"><a href="#val-answer_client_hello" class="anchor"></a><code><span><span class="keyword">val</span> answer_client_hello : 
+  <span><span class="label">hrr</span>:bool <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Core/index.html#type-client_hello">Core.client_hello</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a>
+   * <span><span>[&gt; <span>`Change_dec of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span>
+     <span><span>| `Change_enc</span> of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span>
+     <span><span>| `Record</span> of <a href="../Packet/index.html#type-content_type">Packet.content_type</a> * string</span> ]</span>
+       list</span>,
+    <span>[&gt; <span>`Error of
+         <span>[&gt; `CouldntSelectCertificate
+         <span><span>| `NoConfiguredCiphersuite</span> of
+           <span><span>[&gt; `AES_128_CCM_SHA256
+           <span>| `AES_128_GCM_SHA256</span>
+           <span>| `AES_256_GCM_SHA384</span>
+           <span>| `CHACHA20_POLY1305_SHA256</span> ]</span>
+             list</span></span>
+         <span><span>| `NoConfiguredSignatureAlgorithm</span> of <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span>
+         <span><span>| `NoMatchingCertificateFound</span> of string</span> ]</span></span>
+    <span><span>| `Fatal</span> of
+      <span>[&gt; <span>`Bad_certificate of string</span>
+      <span><span>| `Handshake</span> of
+        <span>[&gt; <span>`BadDH of string</span>
+        <span><span>| `BadECDH</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.error</span>
+        <span>| `Fragments</span>
+        <span><span>| `Message</span> of string</span> ]</span></span>
+      <span><span>| `Missing_extension</span> of string</span>
+      <span>| `No_application_protocol</span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-answer_client_certificate"><a href="#val-answer_client_certificate" class="anchor"></a><code><span><span class="keyword">val</span> answer_client_certificate : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-session_data13">State.session_data13</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-crypto_context">State.crypto_context</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><a href="../Core/index.html#type-session_ticket">Core.session_ticket</a> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a> * <span><span class="type-var">'a</span> list</span>,
+    <span>[&gt; <span>`Error of
+         <span>[&gt; <span>`AuthenticationFailure of <span class="xref-unresolved">X509</span>.Validation.validation_error</span> ]</span></span>
+    <span><span>| `Fatal</span> of
+      <span>[&gt; <span>`Bad_certificate of string</span>
+      <span><span>| `Decode</span> of string</span>
+      <span><span>| `Handshake</span> of <span>[&gt; <span>`Message of string</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-answer_client_certificate_verify"><a href="#val-answer_client_certificate_verify" class="anchor"></a><code><span><span class="keyword">val</span> answer_client_certificate_verify : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-session_data13">State.session_data13</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-crypto_context">State.crypto_context</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><a href="../Core/index.html#type-session_ticket">Core.session_ticket</a> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a> * <span><span class="type-var">'a</span> list</span>,
+    <span>[&gt; <span>`Error of
+         <span>[&gt; <span>`NoConfiguredSignatureAlgorithm of <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span> ]</span></span>
+    <span><span>| `Fatal</span> of
+      <span>[&gt; <span>`Bad_certificate of string</span>
+      <span><span>| `Decode</span> of string</span>
+      <span><span>| `Handshake</span> of <span>[&gt; <span>`Message of string</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-answer_client_finished"><a href="#val-answer_client_finished" class="anchor"></a><code><span><span class="keyword">val</span> answer_client_finished : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><a href="../Core/index.html#type-session_ticket">Core.session_ticket</a> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a> * <span><span>[&gt; <span>`Change_dec of <span class="type-var">'a</span></span> ]</span> list</span>,
+    <span>[&gt; <span>`Fatal of <span>[&gt; <span>`Handshake of <span>[&gt; `Fragments <span><span>| `Message</span> of string</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-handle_end_of_early_data"><a href="#val-handle_end_of_early_data" class="anchor"></a><code><span><span class="keyword">val</span> handle_end_of_early_data : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-crypto_context">State.crypto_context</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><a href="../Core/index.html#type-session_ticket">Core.session_ticket</a> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a> * <span><span>[&gt; <span>`Change_dec of <span class="type-var">'a</span></span> ]</span> list</span>,
+    <span>[&gt; <span>`Fatal of <span>[&gt; <span>`Handshake of <span>[&gt; <span>`Message of string</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-handle_key_update"><a href="#val-handle_key_update" class="anchor"></a><code><span><span class="keyword">val</span> handle_key_update : 
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Packet/index.html#type-key_update_request_type">Packet.key_update_request_type</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a>
+   * <span><span>[&gt; <span>`Change_dec of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span>
+     <span><span>| `Change_enc</span> of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span>
+     <span><span>| `Record</span> of <a href="../Packet/index.html#type-content_type">Packet.content_type</a> * string</span> ]</span>
+       list</span>,
+    <span>[&gt; <span>`Fatal of <span>[&gt; <span>`Handshake of <span>[&gt; `Fragments <span><span>| `Message</span> of string</span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-handle_handshake"><a href="#val-handle_handshake" class="anchor"></a><code><span><span class="keyword">val</span> handle_handshake : 
+  <span><a href="../State/index.html#type-server13_handshake_state">State.server13_handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../State/index.html#type-handshake_state">State.handshake_state</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span class="xref-unresolved">Stdlib</span>.String.t <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../State/index.html#type-handshake_state">State.handshake_state</a>
+   * <span><span>[&gt; <span>`Change_dec of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span>
+     <span><span>| `Change_enc</span> of <a href="../State/index.html#type-crypto_context">State.crypto_context</a></span>
+     <span><span>| `Record</span> of <a href="../Packet/index.html#type-content_type">Packet.content_type</a> * string</span> ]</span>
+       list</span>,
+    <span>[&gt; <span>`Error of
+         <span>[&gt; <span>`AuthenticationFailure of <span class="xref-unresolved">X509</span>.Validation.validation_error</span>
+         <span>| `CouldntSelectCertificate</span>
+         <span><span>| `NoConfiguredCiphersuite</span> of
+           <span><span>[&gt; `AES_128_CCM_SHA256
+           <span>| `AES_128_GCM_SHA256</span>
+           <span>| `AES_256_GCM_SHA384</span>
+           <span>| `CHACHA20_POLY1305_SHA256</span> ]</span>
+             list</span></span>
+         <span><span>| `NoConfiguredSignatureAlgorithm</span> of <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span>
+         <span><span>| `NoMatchingCertificateFound</span> of string</span> ]</span></span>
+    <span><span>| `Fatal</span> of
+      <span>[&gt; <span>`Bad_certificate of string</span>
+      <span><span>| `Decode</span> of string</span>
+      <span><span>| `Handshake</span> of
+        <span>[&gt; <span>`BadDH of string</span>
+        <span><span>| `BadECDH</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.error</span>
+        <span>| `Fragments</span>
+        <span><span>| `Message</span> of string</span> ]</span></span>
+      <span><span>| `Missing_extension</span> of string</span>
+      <span>| `No_application_protocol</span>
+      <span><span>| `Unexpected</span> of <span>[&gt; <span>`Handshake of <a href="../Core/index.html#type-tls_handshake">Core.tls_handshake</a></span> ]</span></span> ]</span></span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Packet/index.html b/doc/tls/Tls/Packet/index.html
new file mode 100644
index 00000000..b68d8218
--- /dev/null
+++ b/doc/tls/Tls/Packet/index.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Packet (tls.Tls.Packet)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Packet</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Packet</span></code></h1><p>Magic numbers of the TLS protocol.</p></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-get_uint24_len"><a href="#val-get_uint24_len" class="anchor"></a><code><span><span class="keyword">val</span> get_uint24_len : <span><span class="label">off</span>:int <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-set_uint24_len"><a href="#val-set_uint24_len" class="anchor"></a><code><span><span class="keyword">val</span> set_uint24_len : <span><span class="label">off</span>:int <span class="arrow">&#45;&gt;</span></span> <span>bytes <span class="arrow">&#45;&gt;</span></span> <span>int <span class="arrow">&#45;&gt;</span></span> unit</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-content_type"><a href="#type-content_type" class="anchor"></a><code><span><span class="keyword">type</span> content_type</span><span> = </span></code><ol><li id="type-content_type.CHANGE_CIPHER_SPEC" class="def variant constructor anchored"><a href="#type-content_type.CHANGE_CIPHER_SPEC" class="anchor"></a><code><span>| </span><span><span class="constructor">CHANGE_CIPHER_SPEC</span></span></code></li><li id="type-content_type.ALERT" class="def variant constructor anchored"><a href="#type-content_type.ALERT" class="anchor"></a><code><span>| </span><span><span class="constructor">ALERT</span></span></code></li><li id="type-content_type.HANDSHAKE" class="def variant constructor anchored"><a href="#type-content_type.HANDSHAKE" class="anchor"></a><code><span>| </span><span><span class="constructor">HANDSHAKE</span></span></code></li><li id="type-content_type.APPLICATION_DATA" class="def variant constructor anchored"><a href="#type-content_type.APPLICATION_DATA" class="anchor"></a><code><span>| </span><span><span class="constructor">APPLICATION_DATA</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-content_type_to_int"><a href="#val-content_type_to_int" class="anchor"></a><code><span><span class="keyword">val</span> content_type_to_int : <span><a href="#type-content_type">content_type</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_content_type"><a href="#val-int_to_content_type" class="anchor"></a><code><span><span class="keyword">val</span> int_to_content_type : <span>int <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-content_type">content_type</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-content_type_to_string"><a href="#val-content_type_to_string" class="anchor"></a><code><span><span class="keyword">val</span> content_type_to_string : <span><a href="#type-content_type">content_type</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_content_type"><a href="#val-pp_content_type" class="anchor"></a><code><span><span class="keyword">val</span> pp_content_type : <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-content_type">content_type</a> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-alert_level"><a href="#type-alert_level" class="anchor"></a><code><span><span class="keyword">type</span> alert_level</span><span> = </span></code><ol><li id="type-alert_level.WARNING" class="def variant constructor anchored"><a href="#type-alert_level.WARNING" class="anchor"></a><code><span>| </span><span><span class="constructor">WARNING</span></span></code></li><li id="type-alert_level.FATAL" class="def variant constructor anchored"><a href="#type-alert_level.FATAL" class="anchor"></a><code><span>| </span><span><span class="constructor">FATAL</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_alert_level"><a href="#val-pp_alert_level" class="anchor"></a><code><span><span class="keyword">val</span> pp_alert_level : <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-alert_level">alert_level</a> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-alert_level_to_int"><a href="#val-alert_level_to_int" class="anchor"></a><code><span><span class="keyword">val</span> alert_level_to_int : <span><a href="#type-alert_level">alert_level</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_alert_level"><a href="#val-int_to_alert_level" class="anchor"></a><code><span><span class="keyword">val</span> int_to_alert_level : <span>int <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-alert_level">alert_level</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-alert_type"><a href="#type-alert_type" class="anchor"></a><code><span><span class="keyword">type</span> alert_type</span><span> = </span></code><ol><li id="type-alert_type.CLOSE_NOTIFY" class="def variant constructor anchored"><a href="#type-alert_type.CLOSE_NOTIFY" class="anchor"></a><code><span>| </span><span><span class="constructor">CLOSE_NOTIFY</span></span></code></li><li id="type-alert_type.UNEXPECTED_MESSAGE" class="def variant constructor anchored"><a href="#type-alert_type.UNEXPECTED_MESSAGE" class="anchor"></a><code><span>| </span><span><span class="constructor">UNEXPECTED_MESSAGE</span></span></code></li><li id="type-alert_type.BAD_RECORD_MAC" class="def variant constructor anchored"><a href="#type-alert_type.BAD_RECORD_MAC" class="anchor"></a><code><span>| </span><span><span class="constructor">BAD_RECORD_MAC</span></span></code></li><li id="type-alert_type.RECORD_OVERFLOW" class="def variant constructor anchored"><a href="#type-alert_type.RECORD_OVERFLOW" class="anchor"></a><code><span>| </span><span><span class="constructor">RECORD_OVERFLOW</span></span></code></li><li id="type-alert_type.HANDSHAKE_FAILURE" class="def variant constructor anchored"><a href="#type-alert_type.HANDSHAKE_FAILURE" class="anchor"></a><code><span>| </span><span><span class="constructor">HANDSHAKE_FAILURE</span></span></code></li><li id="type-alert_type.BAD_CERTIFICATE" class="def variant constructor anchored"><a href="#type-alert_type.BAD_CERTIFICATE" class="anchor"></a><code><span>| </span><span><span class="constructor">BAD_CERTIFICATE</span></span></code></li><li id="type-alert_type.CERTIFICATE_EXPIRED" class="def variant constructor anchored"><a href="#type-alert_type.CERTIFICATE_EXPIRED" class="anchor"></a><code><span>| </span><span><span class="constructor">CERTIFICATE_EXPIRED</span></span></code></li><li id="type-alert_type.DECODE_ERROR" class="def variant constructor anchored"><a href="#type-alert_type.DECODE_ERROR" class="anchor"></a><code><span>| </span><span><span class="constructor">DECODE_ERROR</span></span></code></li><li id="type-alert_type.PROTOCOL_VERSION" class="def variant constructor anchored"><a href="#type-alert_type.PROTOCOL_VERSION" class="anchor"></a><code><span>| </span><span><span class="constructor">PROTOCOL_VERSION</span></span></code></li><li id="type-alert_type.INAPPROPRIATE_FALLBACK" class="def variant constructor anchored"><a href="#type-alert_type.INAPPROPRIATE_FALLBACK" class="anchor"></a><code><span>| </span><span><span class="constructor">INAPPROPRIATE_FALLBACK</span></span></code></li><li id="type-alert_type.USER_CANCELED" class="def variant constructor anchored"><a href="#type-alert_type.USER_CANCELED" class="anchor"></a><code><span>| </span><span><span class="constructor">USER_CANCELED</span></span></code></li><li id="type-alert_type.NO_RENEGOTIATION" class="def variant constructor anchored"><a href="#type-alert_type.NO_RENEGOTIATION" class="anchor"></a><code><span>| </span><span><span class="constructor">NO_RENEGOTIATION</span></span></code></li><li id="type-alert_type.MISSING_EXTENSION" class="def variant constructor anchored"><a href="#type-alert_type.MISSING_EXTENSION" class="anchor"></a><code><span>| </span><span><span class="constructor">MISSING_EXTENSION</span></span></code></li><li id="type-alert_type.UNSUPPORTED_EXTENSION" class="def variant constructor anchored"><a href="#type-alert_type.UNSUPPORTED_EXTENSION" class="anchor"></a><code><span>| </span><span><span class="constructor">UNSUPPORTED_EXTENSION</span></span></code></li><li id="type-alert_type.UNRECOGNIZED_NAME" class="def variant constructor anchored"><a href="#type-alert_type.UNRECOGNIZED_NAME" class="anchor"></a><code><span>| </span><span><span class="constructor">UNRECOGNIZED_NAME</span></span></code></li><li id="type-alert_type.NO_APPLICATION_PROTOCOL" class="def variant constructor anchored"><a href="#type-alert_type.NO_APPLICATION_PROTOCOL" class="anchor"></a><code><span>| </span><span><span class="constructor">NO_APPLICATION_PROTOCOL</span></span></code></li><li id="type-alert_type.UNKNOWN" class="def variant constructor anchored"><a href="#type-alert_type.UNKNOWN" class="anchor"></a><code><span>| </span><span><span class="constructor">UNKNOWN</span> <span class="keyword">of</span> int</span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-alert_type_to_string"><a href="#val-alert_type_to_string" class="anchor"></a><code><span><span class="keyword">val</span> alert_type_to_string : <span><a href="#type-alert_type">alert_type</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-alert_type_to_int"><a href="#val-alert_type_to_int" class="anchor"></a><code><span><span class="keyword">val</span> alert_type_to_int : <span><a href="#type-alert_type">alert_type</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_alert_type"><a href="#val-int_to_alert_type" class="anchor"></a><code><span><span class="keyword">val</span> int_to_alert_type : <span>int <span class="arrow">&#45;&gt;</span></span> <a href="#type-alert_type">alert_type</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_alert"><a href="#val-pp_alert" class="anchor"></a><code><span><span class="keyword">val</span> pp_alert : <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span> <span><span>(<a href="#type-alert_level">alert_level</a> * <a href="#type-alert_type">alert_type</a>)</span> <span class="arrow">&#45;&gt;</span></span> unit</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-handshake_type"><a href="#type-handshake_type" class="anchor"></a><code><span><span class="keyword">type</span> handshake_type</span><span> = </span></code><ol><li id="type-handshake_type.HELLO_REQUEST" class="def variant constructor anchored"><a href="#type-handshake_type.HELLO_REQUEST" class="anchor"></a><code><span>| </span><span><span class="constructor">HELLO_REQUEST</span></span></code></li><li id="type-handshake_type.CLIENT_HELLO" class="def variant constructor anchored"><a href="#type-handshake_type.CLIENT_HELLO" class="anchor"></a><code><span>| </span><span><span class="constructor">CLIENT_HELLO</span></span></code></li><li id="type-handshake_type.SERVER_HELLO" class="def variant constructor anchored"><a href="#type-handshake_type.SERVER_HELLO" class="anchor"></a><code><span>| </span><span><span class="constructor">SERVER_HELLO</span></span></code></li><li id="type-handshake_type.HELLO_VERIFY_REQUEST" class="def variant constructor anchored"><a href="#type-handshake_type.HELLO_VERIFY_REQUEST" class="anchor"></a><code><span>| </span><span><span class="constructor">HELLO_VERIFY_REQUEST</span></span></code></li><li id="type-handshake_type.SESSION_TICKET" class="def variant constructor anchored"><a href="#type-handshake_type.SESSION_TICKET" class="anchor"></a><code><span>| </span><span><span class="constructor">SESSION_TICKET</span></span></code></li><li id="type-handshake_type.END_OF_EARLY_DATA" class="def variant constructor anchored"><a href="#type-handshake_type.END_OF_EARLY_DATA" class="anchor"></a><code><span>| </span><span><span class="constructor">END_OF_EARLY_DATA</span></span></code></li><li id="type-handshake_type.ENCRYPTED_EXTENSIONS" class="def variant constructor anchored"><a href="#type-handshake_type.ENCRYPTED_EXTENSIONS" class="anchor"></a><code><span>| </span><span><span class="constructor">ENCRYPTED_EXTENSIONS</span></span></code></li><li id="type-handshake_type.CERTIFICATE" class="def variant constructor anchored"><a href="#type-handshake_type.CERTIFICATE" class="anchor"></a><code><span>| </span><span><span class="constructor">CERTIFICATE</span></span></code></li><li id="type-handshake_type.SERVER_KEY_EXCHANGE" class="def variant constructor anchored"><a href="#type-handshake_type.SERVER_KEY_EXCHANGE" class="anchor"></a><code><span>| </span><span><span class="constructor">SERVER_KEY_EXCHANGE</span></span></code></li><li id="type-handshake_type.CERTIFICATE_REQUEST" class="def variant constructor anchored"><a href="#type-handshake_type.CERTIFICATE_REQUEST" class="anchor"></a><code><span>| </span><span><span class="constructor">CERTIFICATE_REQUEST</span></span></code></li><li id="type-handshake_type.SERVER_HELLO_DONE" class="def variant constructor anchored"><a href="#type-handshake_type.SERVER_HELLO_DONE" class="anchor"></a><code><span>| </span><span><span class="constructor">SERVER_HELLO_DONE</span></span></code></li><li id="type-handshake_type.CERTIFICATE_VERIFY" class="def variant constructor anchored"><a href="#type-handshake_type.CERTIFICATE_VERIFY" class="anchor"></a><code><span>| </span><span><span class="constructor">CERTIFICATE_VERIFY</span></span></code></li><li id="type-handshake_type.CLIENT_KEY_EXCHANGE" class="def variant constructor anchored"><a href="#type-handshake_type.CLIENT_KEY_EXCHANGE" class="anchor"></a><code><span>| </span><span><span class="constructor">CLIENT_KEY_EXCHANGE</span></span></code></li><li id="type-handshake_type.FINISHED" class="def variant constructor anchored"><a href="#type-handshake_type.FINISHED" class="anchor"></a><code><span>| </span><span><span class="constructor">FINISHED</span></span></code></li><li id="type-handshake_type.CERTIFICATE_URL" class="def variant constructor anchored"><a href="#type-handshake_type.CERTIFICATE_URL" class="anchor"></a><code><span>| </span><span><span class="constructor">CERTIFICATE_URL</span></span></code></li><li id="type-handshake_type.CERTIFICATE_STATUS" class="def variant constructor anchored"><a href="#type-handshake_type.CERTIFICATE_STATUS" class="anchor"></a><code><span>| </span><span><span class="constructor">CERTIFICATE_STATUS</span></span></code></li><li id="type-handshake_type.SUPPLEMENTAL_DATA" class="def variant constructor anchored"><a href="#type-handshake_type.SUPPLEMENTAL_DATA" class="anchor"></a><code><span>| </span><span><span class="constructor">SUPPLEMENTAL_DATA</span></span></code></li><li id="type-handshake_type.KEY_UPDATE" class="def variant constructor anchored"><a href="#type-handshake_type.KEY_UPDATE" class="anchor"></a><code><span>| </span><span><span class="constructor">KEY_UPDATE</span></span></code></li><li id="type-handshake_type.MESSAGE_HASH" class="def variant constructor anchored"><a href="#type-handshake_type.MESSAGE_HASH" class="anchor"></a><code><span>| </span><span><span class="constructor">MESSAGE_HASH</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-handshake_type_to_int"><a href="#val-handshake_type_to_int" class="anchor"></a><code><span><span class="keyword">val</span> handshake_type_to_int : <span><a href="#type-handshake_type">handshake_type</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_handshake_type"><a href="#val-int_to_handshake_type" class="anchor"></a><code><span><span class="keyword">val</span> int_to_handshake_type : <span>int <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-handshake_type">handshake_type</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-client_certificate_type"><a href="#type-client_certificate_type" class="anchor"></a><code><span><span class="keyword">type</span> client_certificate_type</span><span> = </span></code><ol><li id="type-client_certificate_type.RSA_SIGN" class="def variant constructor anchored"><a href="#type-client_certificate_type.RSA_SIGN" class="anchor"></a><code><span>| </span><span><span class="constructor">RSA_SIGN</span></span></code></li><li id="type-client_certificate_type.ECDSA_SIGN" class="def variant constructor anchored"><a href="#type-client_certificate_type.ECDSA_SIGN" class="anchor"></a><code><span>| </span><span><span class="constructor">ECDSA_SIGN</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-client_certificate_type_to_int"><a href="#val-client_certificate_type_to_int" class="anchor"></a><code><span><span class="keyword">val</span> client_certificate_type_to_int : <span><a href="#type-client_certificate_type">client_certificate_type</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_client_certificate_type"><a href="#val-int_to_client_certificate_type" class="anchor"></a><code><span><span class="keyword">val</span> int_to_client_certificate_type : <span>int <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-client_certificate_type">client_certificate_type</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-compression_method"><a href="#type-compression_method" class="anchor"></a><code><span><span class="keyword">type</span> compression_method</span><span> = </span></code><ol><li id="type-compression_method.NULL" class="def variant constructor anchored"><a href="#type-compression_method.NULL" class="anchor"></a><code><span>| </span><span><span class="constructor">NULL</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-compression_method_to_int"><a href="#val-compression_method_to_int" class="anchor"></a><code><span><span class="keyword">val</span> compression_method_to_int : <span><a href="#type-compression_method">compression_method</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_compression_method"><a href="#val-int_to_compression_method" class="anchor"></a><code><span><span class="keyword">val</span> int_to_compression_method : <span>int <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-compression_method">compression_method</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-extension_type"><a href="#type-extension_type" class="anchor"></a><code><span><span class="keyword">type</span> extension_type</span><span> = </span></code><ol><li id="type-extension_type.SERVER_NAME" class="def variant constructor anchored"><a href="#type-extension_type.SERVER_NAME" class="anchor"></a><code><span>| </span><span><span class="constructor">SERVER_NAME</span></span></code></li><li id="type-extension_type.MAX_FRAGMENT_LENGTH" class="def variant constructor anchored"><a href="#type-extension_type.MAX_FRAGMENT_LENGTH" class="anchor"></a><code><span>| </span><span><span class="constructor">MAX_FRAGMENT_LENGTH</span></span></code></li><li id="type-extension_type.SUPPORTED_GROUPS" class="def variant constructor anchored"><a href="#type-extension_type.SUPPORTED_GROUPS" class="anchor"></a><code><span>| </span><span><span class="constructor">SUPPORTED_GROUPS</span></span></code></li><li id="type-extension_type.EC_POINT_FORMATS" class="def variant constructor anchored"><a href="#type-extension_type.EC_POINT_FORMATS" class="anchor"></a><code><span>| </span><span><span class="constructor">EC_POINT_FORMATS</span></span></code></li><li id="type-extension_type.SIGNATURE_ALGORITHMS" class="def variant constructor anchored"><a href="#type-extension_type.SIGNATURE_ALGORITHMS" class="anchor"></a><code><span>| </span><span><span class="constructor">SIGNATURE_ALGORITHMS</span></span></code></li><li id="type-extension_type.APPLICATION_LAYER_PROTOCOL_NEGOTIATION" class="def variant constructor anchored"><a href="#type-extension_type.APPLICATION_LAYER_PROTOCOL_NEGOTIATION" class="anchor"></a><code><span>| </span><span><span class="constructor">APPLICATION_LAYER_PROTOCOL_NEGOTIATION</span></span></code></li><li id="type-extension_type.PADDING" class="def variant constructor anchored"><a href="#type-extension_type.PADDING" class="anchor"></a><code><span>| </span><span><span class="constructor">PADDING</span></span></code></li><li id="type-extension_type.EXTENDED_MASTER_SECRET" class="def variant constructor anchored"><a href="#type-extension_type.EXTENDED_MASTER_SECRET" class="anchor"></a><code><span>| </span><span><span class="constructor">EXTENDED_MASTER_SECRET</span></span></code></li><li id="type-extension_type.SESSION_TICKET" class="def variant constructor anchored"><a href="#type-extension_type.SESSION_TICKET" class="anchor"></a><code><span>| </span><span><span class="constructor">SESSION_TICKET</span></span></code></li><li id="type-extension_type.PRE_SHARED_KEY" class="def variant constructor anchored"><a href="#type-extension_type.PRE_SHARED_KEY" class="anchor"></a><code><span>| </span><span><span class="constructor">PRE_SHARED_KEY</span></span></code></li><li id="type-extension_type.EARLY_DATA" class="def variant constructor anchored"><a href="#type-extension_type.EARLY_DATA" class="anchor"></a><code><span>| </span><span><span class="constructor">EARLY_DATA</span></span></code></li><li id="type-extension_type.SUPPORTED_VERSIONS" class="def variant constructor anchored"><a href="#type-extension_type.SUPPORTED_VERSIONS" class="anchor"></a><code><span>| </span><span><span class="constructor">SUPPORTED_VERSIONS</span></span></code></li><li id="type-extension_type.COOKIE" class="def variant constructor anchored"><a href="#type-extension_type.COOKIE" class="anchor"></a><code><span>| </span><span><span class="constructor">COOKIE</span></span></code></li><li id="type-extension_type.PSK_KEY_EXCHANGE_MODES" class="def variant constructor anchored"><a href="#type-extension_type.PSK_KEY_EXCHANGE_MODES" class="anchor"></a><code><span>| </span><span><span class="constructor">PSK_KEY_EXCHANGE_MODES</span></span></code></li><li id="type-extension_type.CERTIFICATE_AUTHORITIES" class="def variant constructor anchored"><a href="#type-extension_type.CERTIFICATE_AUTHORITIES" class="anchor"></a><code><span>| </span><span><span class="constructor">CERTIFICATE_AUTHORITIES</span></span></code></li><li id="type-extension_type.POST_HANDSHAKE_AUTH" class="def variant constructor anchored"><a href="#type-extension_type.POST_HANDSHAKE_AUTH" class="anchor"></a><code><span>| </span><span><span class="constructor">POST_HANDSHAKE_AUTH</span></span></code></li><li id="type-extension_type.KEY_SHARE" class="def variant constructor anchored"><a href="#type-extension_type.KEY_SHARE" class="anchor"></a><code><span>| </span><span><span class="constructor">KEY_SHARE</span></span></code></li><li id="type-extension_type.RENEGOTIATION_INFO" class="def variant constructor anchored"><a href="#type-extension_type.RENEGOTIATION_INFO" class="anchor"></a><code><span>| </span><span><span class="constructor">RENEGOTIATION_INFO</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-extension_type_to_int"><a href="#val-extension_type_to_int" class="anchor"></a><code><span><span class="keyword">val</span> extension_type_to_int : <span><a href="#type-extension_type">extension_type</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_extension_type"><a href="#val-int_to_extension_type" class="anchor"></a><code><span><span class="keyword">val</span> int_to_extension_type : <span>int <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-extension_type">extension_type</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-extension_type_to_string"><a href="#val-extension_type_to_string" class="anchor"></a><code><span><span class="keyword">val</span> extension_type_to_string : <span><a href="#type-extension_type">extension_type</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-max_fragment_length"><a href="#type-max_fragment_length" class="anchor"></a><code><span><span class="keyword">type</span> max_fragment_length</span><span> = </span></code><ol><li id="type-max_fragment_length.TWO_9" class="def variant constructor anchored"><a href="#type-max_fragment_length.TWO_9" class="anchor"></a><code><span>| </span><span><span class="constructor">TWO_9</span></span></code></li><li id="type-max_fragment_length.TWO_10" class="def variant constructor anchored"><a href="#type-max_fragment_length.TWO_10" class="anchor"></a><code><span>| </span><span><span class="constructor">TWO_10</span></span></code></li><li id="type-max_fragment_length.TWO_11" class="def variant constructor anchored"><a href="#type-max_fragment_length.TWO_11" class="anchor"></a><code><span>| </span><span><span class="constructor">TWO_11</span></span></code></li><li id="type-max_fragment_length.TWO_12" class="def variant constructor anchored"><a href="#type-max_fragment_length.TWO_12" class="anchor"></a><code><span>| </span><span><span class="constructor">TWO_12</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-max_fragment_length_to_int"><a href="#val-max_fragment_length_to_int" class="anchor"></a><code><span><span class="keyword">val</span> max_fragment_length_to_int : <span><a href="#type-max_fragment_length">max_fragment_length</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_max_fragment_length"><a href="#val-int_to_max_fragment_length" class="anchor"></a><code><span><span class="keyword">val</span> int_to_max_fragment_length : <span>int <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-max_fragment_length">max_fragment_length</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-psk_key_exchange_mode"><a href="#type-psk_key_exchange_mode" class="anchor"></a><code><span><span class="keyword">type</span> psk_key_exchange_mode</span><span> = </span></code><ol><li id="type-psk_key_exchange_mode.PSK_KE" class="def variant constructor anchored"><a href="#type-psk_key_exchange_mode.PSK_KE" class="anchor"></a><code><span>| </span><span><span class="constructor">PSK_KE</span></span></code></li><li id="type-psk_key_exchange_mode.PSK_KE_DHE" class="def variant constructor anchored"><a href="#type-psk_key_exchange_mode.PSK_KE_DHE" class="anchor"></a><code><span>| </span><span><span class="constructor">PSK_KE_DHE</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-psk_key_exchange_mode_to_int"><a href="#val-psk_key_exchange_mode_to_int" class="anchor"></a><code><span><span class="keyword">val</span> psk_key_exchange_mode_to_int : <span><a href="#type-psk_key_exchange_mode">psk_key_exchange_mode</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_psk_key_exchange_mode"><a href="#val-int_to_psk_key_exchange_mode" class="anchor"></a><code><span><span class="keyword">val</span> int_to_psk_key_exchange_mode : <span>int <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-psk_key_exchange_mode">psk_key_exchange_mode</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-signature_alg"><a href="#type-signature_alg" class="anchor"></a><code><span><span class="keyword">type</span> signature_alg</span><span> = </span></code><ol><li id="type-signature_alg.RSA_PKCS1_MD5" class="def variant constructor anchored"><a href="#type-signature_alg.RSA_PKCS1_MD5" class="anchor"></a><code><span>| </span><span><span class="constructor">RSA_PKCS1_MD5</span></span></code></li><li id="type-signature_alg.RSA_PKCS1_SHA1" class="def variant constructor anchored"><a href="#type-signature_alg.RSA_PKCS1_SHA1" class="anchor"></a><code><span>| </span><span><span class="constructor">RSA_PKCS1_SHA1</span></span></code></li><li id="type-signature_alg.RSA_PKCS1_SHA224" class="def variant constructor anchored"><a href="#type-signature_alg.RSA_PKCS1_SHA224" class="anchor"></a><code><span>| </span><span><span class="constructor">RSA_PKCS1_SHA224</span></span></code></li><li id="type-signature_alg.RSA_PKCS1_SHA256" class="def variant constructor anchored"><a href="#type-signature_alg.RSA_PKCS1_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">RSA_PKCS1_SHA256</span></span></code></li><li id="type-signature_alg.RSA_PKCS1_SHA384" class="def variant constructor anchored"><a href="#type-signature_alg.RSA_PKCS1_SHA384" class="anchor"></a><code><span>| </span><span><span class="constructor">RSA_PKCS1_SHA384</span></span></code></li><li id="type-signature_alg.RSA_PKCS1_SHA512" class="def variant constructor anchored"><a href="#type-signature_alg.RSA_PKCS1_SHA512" class="anchor"></a><code><span>| </span><span><span class="constructor">RSA_PKCS1_SHA512</span></span></code></li><li id="type-signature_alg.ECDSA_SECP256R1_SHA1" class="def variant constructor anchored"><a href="#type-signature_alg.ECDSA_SECP256R1_SHA1" class="anchor"></a><code><span>| </span><span><span class="constructor">ECDSA_SECP256R1_SHA1</span></span></code></li><li id="type-signature_alg.ECDSA_SECP256R1_SHA256" class="def variant constructor anchored"><a href="#type-signature_alg.ECDSA_SECP256R1_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">ECDSA_SECP256R1_SHA256</span></span></code></li><li id="type-signature_alg.ECDSA_SECP384R1_SHA384" class="def variant constructor anchored"><a href="#type-signature_alg.ECDSA_SECP384R1_SHA384" class="anchor"></a><code><span>| </span><span><span class="constructor">ECDSA_SECP384R1_SHA384</span></span></code></li><li id="type-signature_alg.ECDSA_SECP521R1_SHA512" class="def variant constructor anchored"><a href="#type-signature_alg.ECDSA_SECP521R1_SHA512" class="anchor"></a><code><span>| </span><span><span class="constructor">ECDSA_SECP521R1_SHA512</span></span></code></li><li id="type-signature_alg.RSA_PSS_RSAENC_SHA256" class="def variant constructor anchored"><a href="#type-signature_alg.RSA_PSS_RSAENC_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">RSA_PSS_RSAENC_SHA256</span></span></code></li><li id="type-signature_alg.RSA_PSS_RSAENC_SHA384" class="def variant constructor anchored"><a href="#type-signature_alg.RSA_PSS_RSAENC_SHA384" class="anchor"></a><code><span>| </span><span><span class="constructor">RSA_PSS_RSAENC_SHA384</span></span></code></li><li id="type-signature_alg.RSA_PSS_RSAENC_SHA512" class="def variant constructor anchored"><a href="#type-signature_alg.RSA_PSS_RSAENC_SHA512" class="anchor"></a><code><span>| </span><span><span class="constructor">RSA_PSS_RSAENC_SHA512</span></span></code></li><li id="type-signature_alg.ED25519" class="def variant constructor anchored"><a href="#type-signature_alg.ED25519" class="anchor"></a><code><span>| </span><span><span class="constructor">ED25519</span></span></code></li><li id="type-signature_alg.ED448" class="def variant constructor anchored"><a href="#type-signature_alg.ED448" class="anchor"></a><code><span>| </span><span><span class="constructor">ED448</span></span></code></li><li id="type-signature_alg.RSA_PSS_PSS_SHA256" class="def variant constructor anchored"><a href="#type-signature_alg.RSA_PSS_PSS_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">RSA_PSS_PSS_SHA256</span></span></code></li><li id="type-signature_alg.RSA_PSS_PSS_SHA384" class="def variant constructor anchored"><a href="#type-signature_alg.RSA_PSS_PSS_SHA384" class="anchor"></a><code><span>| </span><span><span class="constructor">RSA_PSS_PSS_SHA384</span></span></code></li><li id="type-signature_alg.RSA_PSS_PSS_SHA512" class="def variant constructor anchored"><a href="#type-signature_alg.RSA_PSS_PSS_SHA512" class="anchor"></a><code><span>| </span><span><span class="constructor">RSA_PSS_PSS_SHA512</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-signature_alg_to_int"><a href="#val-signature_alg_to_int" class="anchor"></a><code><span><span class="keyword">val</span> signature_alg_to_int : <span><a href="#type-signature_alg">signature_alg</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_signature_alg"><a href="#val-int_to_signature_alg" class="anchor"></a><code><span><span class="keyword">val</span> int_to_signature_alg : <span>int <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-signature_alg">signature_alg</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-to_signature_alg"><a href="#val-to_signature_alg" class="anchor"></a><code><span><span class="keyword">val</span> to_signature_alg : 
+  <span><span>[&lt; `ECDSA_SECP256R1_SHA1
+  <span>| `ECDSA_SECP256R1_SHA256</span>
+  <span>| `ECDSA_SECP384R1_SHA384</span>
+  <span>| `ECDSA_SECP521R1_SHA512</span>
+  <span>| `ED25519</span>
+  <span>| `RSA_PKCS1_MD5</span>
+  <span>| `RSA_PKCS1_SHA1</span>
+  <span>| `RSA_PKCS1_SHA224</span>
+  <span>| `RSA_PKCS1_SHA256</span>
+  <span>| `RSA_PKCS1_SHA384</span>
+  <span>| `RSA_PKCS1_SHA512</span>
+  <span>| `RSA_PSS_RSAENC_SHA256</span>
+  <span>| `RSA_PSS_RSAENC_SHA384</span>
+  <span>| `RSA_PSS_RSAENC_SHA512</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="#type-signature_alg">signature_alg</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-of_signature_alg"><a href="#val-of_signature_alg" class="anchor"></a><code><span><span class="keyword">val</span> of_signature_alg : 
+  <span><a href="#type-signature_alg">signature_alg</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&gt; `ECDSA_SECP256R1_SHA1
+  <span>| `ECDSA_SECP256R1_SHA256</span>
+  <span>| `ECDSA_SECP384R1_SHA384</span>
+  <span>| `ECDSA_SECP521R1_SHA512</span>
+  <span>| `ED25519</span>
+  <span>| `RSA_PKCS1_MD5</span>
+  <span>| `RSA_PKCS1_SHA1</span>
+  <span>| `RSA_PKCS1_SHA224</span>
+  <span>| `RSA_PKCS1_SHA256</span>
+  <span>| `RSA_PKCS1_SHA384</span>
+  <span>| `RSA_PKCS1_SHA512</span>
+  <span>| `RSA_PSS_RSAENC_SHA256</span>
+  <span>| `RSA_PSS_RSAENC_SHA384</span>
+  <span>| `RSA_PSS_RSAENC_SHA512</span> ]</span>
+    option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-ec_curve_type"><a href="#type-ec_curve_type" class="anchor"></a><code><span><span class="keyword">type</span> ec_curve_type</span><span> = </span></code><ol><li id="type-ec_curve_type.NAMED_CURVE" class="def variant constructor anchored"><a href="#type-ec_curve_type.NAMED_CURVE" class="anchor"></a><code><span>| </span><span><span class="constructor">NAMED_CURVE</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-ec_curve_type_to_int"><a href="#val-ec_curve_type_to_int" class="anchor"></a><code><span><span class="keyword">val</span> ec_curve_type_to_int : <span><a href="#type-ec_curve_type">ec_curve_type</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_ec_curve_type"><a href="#val-int_to_ec_curve_type" class="anchor"></a><code><span><span class="keyword">val</span> int_to_ec_curve_type : <span>int <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-ec_curve_type">ec_curve_type</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-named_group"><a href="#type-named_group" class="anchor"></a><code><span><span class="keyword">type</span> named_group</span><span> = </span></code><ol><li id="type-named_group.SECP256R1" class="def variant constructor anchored"><a href="#type-named_group.SECP256R1" class="anchor"></a><code><span>| </span><span><span class="constructor">SECP256R1</span></span></code></li><li id="type-named_group.SECP384R1" class="def variant constructor anchored"><a href="#type-named_group.SECP384R1" class="anchor"></a><code><span>| </span><span><span class="constructor">SECP384R1</span></span></code></li><li id="type-named_group.SECP521R1" class="def variant constructor anchored"><a href="#type-named_group.SECP521R1" class="anchor"></a><code><span>| </span><span><span class="constructor">SECP521R1</span></span></code></li><li id="type-named_group.X25519" class="def variant constructor anchored"><a href="#type-named_group.X25519" class="anchor"></a><code><span>| </span><span><span class="constructor">X25519</span></span></code></li><li id="type-named_group.X448" class="def variant constructor anchored"><a href="#type-named_group.X448" class="anchor"></a><code><span>| </span><span><span class="constructor">X448</span></span></code></li><li id="type-named_group.FFDHE2048" class="def variant constructor anchored"><a href="#type-named_group.FFDHE2048" class="anchor"></a><code><span>| </span><span><span class="constructor">FFDHE2048</span></span></code></li><li id="type-named_group.FFDHE3072" class="def variant constructor anchored"><a href="#type-named_group.FFDHE3072" class="anchor"></a><code><span>| </span><span><span class="constructor">FFDHE3072</span></span></code></li><li id="type-named_group.FFDHE4096" class="def variant constructor anchored"><a href="#type-named_group.FFDHE4096" class="anchor"></a><code><span>| </span><span><span class="constructor">FFDHE4096</span></span></code></li><li id="type-named_group.FFDHE6144" class="def variant constructor anchored"><a href="#type-named_group.FFDHE6144" class="anchor"></a><code><span>| </span><span><span class="constructor">FFDHE6144</span></span></code></li><li id="type-named_group.FFDHE8192" class="def variant constructor anchored"><a href="#type-named_group.FFDHE8192" class="anchor"></a><code><span>| </span><span><span class="constructor">FFDHE8192</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-named_group_to_int"><a href="#val-named_group_to_int" class="anchor"></a><code><span><span class="keyword">val</span> named_group_to_int : <span><a href="#type-named_group">named_group</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_named_group"><a href="#val-int_to_named_group" class="anchor"></a><code><span><span class="keyword">val</span> int_to_named_group : <span>int <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-named_group">named_group</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-any_ciphersuite"><a href="#type-any_ciphersuite" class="anchor"></a><code><span><span class="keyword">type</span> any_ciphersuite</span><span> = </span></code><ol><li id="type-any_ciphersuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_RSA_WITH_3DES_EDE_CBC_SHA</span></span></code></li><li id="type-any_ciphersuite.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</span></span></code></li><li id="type-any_ciphersuite.TLS_RSA_WITH_AES_128_CBC_SHA" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_RSA_WITH_AES_128_CBC_SHA" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_RSA_WITH_AES_128_CBC_SHA</span></span></code></li><li id="type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_DHE_RSA_WITH_AES_128_CBC_SHA</span></span></code></li><li id="type-any_ciphersuite.TLS_RSA_WITH_AES_256_CBC_SHA" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_RSA_WITH_AES_256_CBC_SHA" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_RSA_WITH_AES_256_CBC_SHA</span></span></code></li><li id="type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_DHE_RSA_WITH_AES_256_CBC_SHA</span></span></code></li><li id="type-any_ciphersuite.TLS_RSA_WITH_AES_128_CBC_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_RSA_WITH_AES_128_CBC_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_RSA_WITH_AES_128_CBC_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_RSA_WITH_AES_256_CBC_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_RSA_WITH_AES_256_CBC_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_RSA_WITH_AES_256_CBC_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_RSA_WITH_AES_128_GCM_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_RSA_WITH_AES_128_GCM_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_RSA_WITH_AES_128_GCM_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_RSA_WITH_AES_256_GCM_SHA384" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_RSA_WITH_AES_256_GCM_SHA384" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_RSA_WITH_AES_256_GCM_SHA384</span></span></code></li><li id="type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</span></span></code></li><li id="type-any_ciphersuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_EMPTY_RENEGOTIATION_INFO_SCSV</span></span></code></li><li id="type-any_ciphersuite.TLS_AES_128_GCM_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_AES_128_GCM_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_AES_128_GCM_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_AES_256_GCM_SHA384" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_AES_256_GCM_SHA384" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_AES_256_GCM_SHA384</span></span></code></li><li id="type-any_ciphersuite.TLS_CHACHA20_POLY1305_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_CHACHA20_POLY1305_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_CHACHA20_POLY1305_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_AES_128_CCM_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_AES_128_CCM_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_AES_128_CCM_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_FALLBACK_SCSV" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_FALLBACK_SCSV" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_FALLBACK_SCSV</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</span></span></code></li><li id="type-any_ciphersuite.TLS_RSA_WITH_AES_128_CCM" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_RSA_WITH_AES_128_CCM" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_RSA_WITH_AES_128_CCM</span></span></code></li><li id="type-any_ciphersuite.TLS_RSA_WITH_AES_256_CCM" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_RSA_WITH_AES_256_CCM" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_RSA_WITH_AES_256_CCM</span></span></code></li><li id="type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_128_CCM" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_128_CCM" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_DHE_RSA_WITH_AES_128_CCM</span></span></code></li><li id="type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_256_CCM" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_DHE_RSA_WITH_AES_256_CCM" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_DHE_RSA_WITH_AES_256_CCM</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span></span></code></li><li id="type-any_ciphersuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" class="def variant constructor anchored"><a href="#type-any_ciphersuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" class="anchor"></a><code><span>| </span><span><span class="constructor">TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span></span></code></li></ol></div><div class="spec-doc"><p>enum of all TLS ciphersuites</p></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-any_ciphersuite_to_int"><a href="#val-any_ciphersuite_to_int" class="anchor"></a><code><span><span class="keyword">val</span> any_ciphersuite_to_int : <span><a href="#type-any_ciphersuite">any_ciphersuite</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_any_ciphersuite"><a href="#val-int_to_any_ciphersuite" class="anchor"></a><code><span><span class="keyword">val</span> int_to_any_ciphersuite : <span>int <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-any_ciphersuite">any_ciphersuite</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-key_update_request_type"><a href="#type-key_update_request_type" class="anchor"></a><code><span><span class="keyword">type</span> key_update_request_type</span><span> = </span></code><ol><li id="type-key_update_request_type.UPDATE_NOT_REQUESTED" class="def variant constructor anchored"><a href="#type-key_update_request_type.UPDATE_NOT_REQUESTED" class="anchor"></a><code><span>| </span><span><span class="constructor">UPDATE_NOT_REQUESTED</span></span></code></li><li id="type-key_update_request_type.UPDATE_REQUESTED" class="def variant constructor anchored"><a href="#type-key_update_request_type.UPDATE_REQUESTED" class="anchor"></a><code><span>| </span><span><span class="constructor">UPDATE_REQUESTED</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-key_update_request_type_to_int"><a href="#val-key_update_request_type_to_int" class="anchor"></a><code><span><span class="keyword">val</span> key_update_request_type_to_int : <span><a href="#type-key_update_request_type">key_update_request_type</a> <span class="arrow">&#45;&gt;</span></span> int</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-int_to_key_update_request_type"><a href="#val-int_to_key_update_request_type" class="anchor"></a><code><span><span class="keyword">val</span> int_to_key_update_request_type : <span>int <span class="arrow">&#45;&gt;</span></span> <span><a href="#type-key_update_request_type">key_update_request_type</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-helloretryrequest"><a href="#val-helloretryrequest" class="anchor"></a><code><span><span class="keyword">val</span> helloretryrequest : string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-downgrade12"><a href="#val-downgrade12" class="anchor"></a><code><span><span class="keyword">val</span> downgrade12 : string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-downgrade11"><a href="#val-downgrade11" class="anchor"></a><code><span><span class="keyword">val</span> downgrade11 : string</span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Reader/index.html b/doc/tls/Tls/Reader/index.html
new file mode 100644
index 00000000..5dd574f5
--- /dev/null
+++ b/doc/tls/Tls/Reader/index.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Reader (tls.Tls.Reader)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Reader</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Reader</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-parse_version"><a href="#val-parse_version" class="anchor"></a><code><span><span class="keyword">val</span> parse_version : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../Core/index.html#type-tls_version">Core.tls_version</a>, <span>[&gt; <span>`Decode of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_any_version"><a href="#val-parse_any_version" class="anchor"></a><code><span><span class="keyword">val</span> parse_any_version : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../Core/index.html#type-tls_any_version">Core.tls_any_version</a>, <span>[&gt; <span>`Decode of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_record"><a href="#val-parse_record" class="anchor"></a><code><span><span class="keyword">val</span> parse_record : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span>[ <span>`Record of <span>(<a href="../Core/index.html#type-tls_hdr">Core.tls_hdr</a> * string)</span> * string</span> <span><span>| `Fragment</span> of string</span> ]</span>,
+    <span>[&gt; <span>`Unexpected of <span>[&gt; <span>`Content_type of int</span> ]</span></span>
+    <span><span>| `Protocol_version</span> of <span>[&gt; <span>`Unknown_record of int * int</span> ]</span></span>
+    <span><span>| `Record_overflow</span> of int</span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_handshake_frame"><a href="#val-parse_handshake_frame" class="anchor"></a><code><span><span class="keyword">val</span> parse_handshake_frame : <span>string <span class="arrow">&#45;&gt;</span></span> <span>string option</span> * string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_handshake"><a href="#val-parse_handshake" class="anchor"></a><code><span><span class="keyword">val</span> parse_handshake : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../Core/index.html#type-tls_handshake">Core.tls_handshake</a>, <span>[&gt; <span>`Decode of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_alert"><a href="#val-parse_alert" class="anchor"></a><code><span><span class="keyword">val</span> parse_alert : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../Core/index.html#type-tls_alert">Core.tls_alert</a>, <span>[&gt; <span>`Decode of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_change_cipher_spec"><a href="#val-parse_change_cipher_spec" class="anchor"></a><code><span><span class="keyword">val</span> parse_change_cipher_spec : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(unit, <span>[&gt; <span>`Decode of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_certificate_request"><a href="#val-parse_certificate_request" class="anchor"></a><code><span><span class="keyword">val</span> parse_certificate_request : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span><a href="../Packet/index.html#type-client_certificate_type">Packet.client_certificate_type</a> list</span> * <span>string list</span>, <span>[&gt; <span>`Decode of string</span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_certificate_request_1_2"><a href="#val-parse_certificate_request_1_2" class="anchor"></a><code><span><span class="keyword">val</span> parse_certificate_request_1_2 : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span><a href="../Packet/index.html#type-client_certificate_type">Packet.client_certificate_type</a> list</span>
+   * <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span>
+   * <span>string list</span>,
+    <span>[&gt; <span>`Decode of string</span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_certificate_request_1_3"><a href="#val-parse_certificate_request_1_3" class="anchor"></a><code><span><span class="keyword">val</span> parse_certificate_request_1_3 : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span>string option</span> * <span><a href="../Core/index.html#type-certificate_request_extension">Core.certificate_request_extension</a> list</span>,
+    <span>[&gt; <span>`Decode of string</span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_certificates"><a href="#val-parse_certificates" class="anchor"></a><code><span><span class="keyword">val</span> parse_certificates : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span>string list</span>, <span>[&gt; <span>`Decode of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_certificates_1_3"><a href="#val-parse_certificates_1_3" class="anchor"></a><code><span><span class="keyword">val</span> parse_certificates_1_3 : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(string * <span><span>(string * <span><span class="type-var">'a</span> list</span>)</span> list</span>, <span>[&gt; <span>`Decode of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_client_dh_key_exchange"><a href="#val-parse_client_dh_key_exchange" class="anchor"></a><code><span><span class="keyword">val</span> parse_client_dh_key_exchange : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(string, <span>[&gt; <span>`Decode of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_client_ec_key_exchange"><a href="#val-parse_client_ec_key_exchange" class="anchor"></a><code><span><span class="keyword">val</span> parse_client_ec_key_exchange : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(string, <span>[&gt; <span>`Decode of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_dh_parameters"><a href="#val-parse_dh_parameters" class="anchor"></a><code><span><span class="keyword">val</span> parse_dh_parameters : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../Core/index.html#type-dh_parameters">Core.dh_parameters</a> * string * string, <span>[&gt; <span>`Decode of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_ec_parameters"><a href="#val-parse_ec_parameters" class="anchor"></a><code><span><span class="keyword">val</span> parse_ec_parameters : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<span>[ `X25519 <span>| `P256</span> <span>| `P384</span> <span>| `P521</span> ]</span> * string * string * string,
+    <span>[&gt; <span>`Decode of string</span> ]</span>)</span>
+    <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_digitally_signed"><a href="#val-parse_digitally_signed" class="anchor"></a><code><span><span class="keyword">val</span> parse_digitally_signed : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(string, <span>[&gt; <span>`Decode of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-parse_digitally_signed_1_2"><a href="#val-parse_digitally_signed_1_2" class="anchor"></a><code><span><span class="keyword">val</span> parse_digitally_signed_1_2 : 
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  <span><span>(<a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> * string, <span>[&gt; <span>`Decode of string</span> ]</span>)</span> <span class="xref-unresolved">Stdlib</span>.result</span></span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/State/index.html b/doc/tls/Tls/State/index.html
new file mode 100644
index 00000000..d2132766
--- /dev/null
+++ b/doc/tls/Tls/State/index.html
@@ -0,0 +1,292 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>State (tls.Tls.State)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; State</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.State</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec type anchored" id="type-hmac_key"><a href="#type-hmac_key" class="anchor"></a><code><span><span class="keyword">type</span> hmac_key</span><span> = string</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-iv_mode"><a href="#type-iv_mode" class="anchor"></a><code><span><span class="keyword">type</span> iv_mode</span><span> = </span></code><ol><li id="type-iv_mode.Iv" class="def variant constructor anchored"><a href="#type-iv_mode.Iv" class="anchor"></a><code><span>| </span><span><span class="constructor">Iv</span> <span class="keyword">of</span> string</span></code></li><li id="type-iv_mode.Random_iv" class="def variant constructor anchored"><a href="#type-iv_mode.Random_iv" class="anchor"></a><code><span>| </span><span><span class="constructor">Random_iv</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-cbc_cipher"><a href="#type-cbc_cipher" class="anchor"></a><code><span><span class="keyword">type</span> <span>'k cbc_cipher</span></span><span> = <span>(<span class="keyword">module</span> <span class="xref-unresolved">Mirage_crypto</span>.Block.CBC <span class="keyword">with</span> <span class="keyword">type</span> <span class="xref-unresolved">key</span> = <span class="type-var">'k</span>)</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-cbc_state"><a href="#type-cbc_state" class="anchor"></a><code><span><span class="keyword">type</span> <span>'k cbc_state</span></span><span> = </span><span>{</span></code><ol><li id="type-cbc_state.cipher" class="def record field anchored"><a href="#type-cbc_state.cipher" class="anchor"></a><code><span>cipher : <span><span class="type-var">'k</span> <a href="#type-cbc_cipher">cbc_cipher</a></span>;</span></code></li><li id="type-cbc_state.cipher_secret" class="def record field anchored"><a href="#type-cbc_state.cipher_secret" class="anchor"></a><code><span>cipher_secret : <span class="type-var">'k</span>;</span></code></li><li id="type-cbc_state.iv_mode" class="def record field anchored"><a href="#type-cbc_state.iv_mode" class="anchor"></a><code><span>iv_mode : <a href="#type-iv_mode">iv_mode</a>;</span></code></li><li id="type-cbc_state.hmac" class="def record field anchored"><a href="#type-cbc_state.hmac" class="anchor"></a><code><span>hmac : <span class="xref-unresolved">Digestif</span>.hash';</span></code></li><li id="type-cbc_state.hmac_secret" class="def record field anchored"><a href="#type-cbc_state.hmac_secret" class="anchor"></a><code><span>hmac_secret : <a href="#type-hmac_key">hmac_key</a>;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-nonce"><a href="#type-nonce" class="anchor"></a><code><span><span class="keyword">type</span> nonce</span><span> = string</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-aead_cipher"><a href="#type-aead_cipher" class="anchor"></a><code><span><span class="keyword">type</span> <span>'k aead_cipher</span></span><span> = <span>(<span class="keyword">module</span> <span class="xref-unresolved">Mirage_crypto</span>.AEAD <span class="keyword">with</span> <span class="keyword">type</span> <span class="xref-unresolved">key</span> = <span class="type-var">'k</span>)</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-aead_state"><a href="#type-aead_state" class="anchor"></a><code><span><span class="keyword">type</span> <span>'k aead_state</span></span><span> = </span><span>{</span></code><ol><li id="type-aead_state.cipher" class="def record field anchored"><a href="#type-aead_state.cipher" class="anchor"></a><code><span>cipher : <span><span class="type-var">'k</span> <a href="#type-aead_cipher">aead_cipher</a></span>;</span></code></li><li id="type-aead_state.cipher_secret" class="def record field anchored"><a href="#type-aead_state.cipher_secret" class="anchor"></a><code><span>cipher_secret : <span class="type-var">'k</span>;</span></code></li><li id="type-aead_state.nonce" class="def record field anchored"><a href="#type-aead_state.nonce" class="anchor"></a><code><span>nonce : <a href="#type-nonce">nonce</a>;</span></code></li><li id="type-aead_state.explicit_nonce" class="def record field anchored"><a href="#type-aead_state.explicit_nonce" class="anchor"></a><code><span>explicit_nonce : bool;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-cipher_st"><a href="#type-cipher_st" class="anchor"></a><code><span><span class="keyword">type</span> cipher_st</span><span> = </span></code><ol><li id="type-cipher_st.CBC" class="def variant constructor anchored"><a href="#type-cipher_st.CBC" class="anchor"></a><code><span>| </span><span><span class="constructor">CBC</span> : <span><span class="type-var">'k</span> <a href="#type-cbc_state">cbc_state</a></span> <span class="arrow">&#45;&gt;</span> <a href="#type-cipher_st">cipher_st</a></span></code></li><li id="type-cipher_st.AEAD" class="def variant constructor anchored"><a href="#type-cipher_st.AEAD" class="anchor"></a><code><span>| </span><span><span class="constructor">AEAD</span> : <span><span class="type-var">'k</span> <a href="#type-aead_state">aead_state</a></span> <span class="arrow">&#45;&gt;</span> <a href="#type-cipher_st">cipher_st</a></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-crypto_context"><a href="#type-crypto_context" class="anchor"></a><code><span><span class="keyword">type</span> crypto_context</span><span> = </span><span>{</span></code><ol><li id="type-crypto_context.sequence" class="def record field anchored"><a href="#type-crypto_context.sequence" class="anchor"></a><code><span>sequence : int64;</span></code></li><li id="type-crypto_context.cipher_st" class="def record field anchored"><a href="#type-crypto_context.cipher_st" class="anchor"></a><code><span>cipher_st : <a href="#type-cipher_st">cipher_st</a>;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-hs_log"><a href="#type-hs_log" class="anchor"></a><code><span><span class="keyword">type</span> hs_log</span><span> = <span>string list</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-dh_secret"><a href="#type-dh_secret" class="anchor"></a><code><span><span class="keyword">type</span> dh_secret</span><span> = </span><span>[ </span></code><ol><li id="type-dh_secret.Finite_field" class="def variant constructor anchored"><a href="#type-dh_secret.Finite_field" class="anchor"></a><code><span>| </span><span>`Finite_field <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_pk</span>.Dh.secret</span></code></li><li id="type-dh_secret.P256" class="def variant constructor anchored"><a href="#type-dh_secret.P256" class="anchor"></a><code><span>| </span><span>`P256 <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_ec</span>.P256.Dh.secret</span></code></li><li id="type-dh_secret.P384" class="def variant constructor anchored"><a href="#type-dh_secret.P384" class="anchor"></a><code><span>| </span><span>`P384 <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_ec</span>.P384.Dh.secret</span></code></li><li id="type-dh_secret.P521" class="def variant constructor anchored"><a href="#type-dh_secret.P521" class="anchor"></a><code><span>| </span><span>`P521 <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_ec</span>.P521.Dh.secret</span></code></li><li id="type-dh_secret.X25519" class="def variant constructor anchored"><a href="#type-dh_secret.X25519" class="anchor"></a><code><span>| </span><span>`X25519 <span class="keyword">of</span> <span class="xref-unresolved">Mirage_crypto_ec</span>.X25519.secret</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-reneg_params"><a href="#type-reneg_params" class="anchor"></a><code><span><span class="keyword">type</span> reneg_params</span><span> = string * string</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-common_session_data"><a href="#type-common_session_data" class="anchor"></a><code><span><span class="keyword">type</span> common_session_data</span><span> = </span><span>{</span></code><ol><li id="type-common_session_data.server_random" class="def record field anchored"><a href="#type-common_session_data.server_random" class="anchor"></a><code><span>server_random : string;</span></code></li><li id="type-common_session_data.client_random" class="def record field anchored"><a href="#type-common_session_data.client_random" class="anchor"></a><code><span>client_random : string;</span></code></li><li id="type-common_session_data.peer_certificate_chain" class="def record field anchored"><a href="#type-common_session_data.peer_certificate_chain" class="anchor"></a><code><span>peer_certificate_chain : <span><span class="xref-unresolved">X509</span>.Certificate.t list</span>;</span></code></li><li id="type-common_session_data.peer_certificate" class="def record field anchored"><a href="#type-common_session_data.peer_certificate" class="anchor"></a><code><span>peer_certificate : <span><span class="xref-unresolved">X509</span>.Certificate.t option</span>;</span></code></li><li id="type-common_session_data.trust_anchor" class="def record field anchored"><a href="#type-common_session_data.trust_anchor" class="anchor"></a><code><span>trust_anchor : <span><span class="xref-unresolved">X509</span>.Certificate.t option</span>;</span></code></li><li id="type-common_session_data.received_certificates" class="def record field anchored"><a href="#type-common_session_data.received_certificates" class="anchor"></a><code><span>received_certificates : <span><span class="xref-unresolved">X509</span>.Certificate.t list</span>;</span></code></li><li id="type-common_session_data.own_certificate" class="def record field anchored"><a href="#type-common_session_data.own_certificate" class="anchor"></a><code><span>own_certificate : <span><span class="xref-unresolved">X509</span>.Certificate.t list</span>;</span></code></li><li id="type-common_session_data.own_private_key" class="def record field anchored"><a href="#type-common_session_data.own_private_key" class="anchor"></a><code><span>own_private_key : <span><span class="xref-unresolved">X509</span>.Private_key.t option</span>;</span></code></li><li id="type-common_session_data.own_name" class="def record field anchored"><a href="#type-common_session_data.own_name" class="anchor"></a><code><span>own_name : <span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> option</span>;</span></code></li><li id="type-common_session_data.client_auth" class="def record field anchored"><a href="#type-common_session_data.client_auth" class="anchor"></a><code><span>client_auth : bool;</span></code></li><li id="type-common_session_data.master_secret" class="def record field anchored"><a href="#type-common_session_data.master_secret" class="anchor"></a><code><span>master_secret : <a href="../Core/index.html#type-master_secret">Core.master_secret</a>;</span></code></li><li id="type-common_session_data.alpn_protocol" class="def record field anchored"><a href="#type-common_session_data.alpn_protocol" class="anchor"></a><code><span>alpn_protocol : <span>string option</span>;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-session_data"><a href="#type-session_data" class="anchor"></a><code><span><span class="keyword">type</span> session_data</span><span> = </span><span>{</span></code><ol><li id="type-session_data.common_session_data" class="def record field anchored"><a href="#type-session_data.common_session_data" class="anchor"></a><code><span>common_session_data : <a href="#type-common_session_data">common_session_data</a>;</span></code></li><li id="type-session_data.client_version" class="def record field anchored"><a href="#type-session_data.client_version" class="anchor"></a><code><span>client_version : <a href="../Core/index.html#type-tls_any_version">Core.tls_any_version</a>;</span></code></li><li id="type-session_data.ciphersuite" class="def record field anchored"><a href="#type-session_data.ciphersuite" class="anchor"></a><code><span>ciphersuite : <a href="../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a>;</span></code></li><li id="type-session_data.group" class="def record field anchored"><a href="#type-session_data.group" class="anchor"></a><code><span>group : <span><a href="../Core/index.html#type-group">Core.group</a> option</span>;</span></code></li><li id="type-session_data.renegotiation" class="def record field anchored"><a href="#type-session_data.renegotiation" class="anchor"></a><code><span>renegotiation : <a href="#type-reneg_params">reneg_params</a>;</span></code></li><li id="type-session_data.session_id" class="def record field anchored"><a href="#type-session_data.session_id" class="anchor"></a><code><span>session_id : string;</span></code></li><li id="type-session_data.extended_ms" class="def record field anchored"><a href="#type-session_data.extended_ms" class="anchor"></a><code><span>extended_ms : bool;</span></code></li><li id="type-session_data.tls_unique" class="def record field anchored"><a href="#type-session_data.tls_unique" class="anchor"></a><code><span>tls_unique : string;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-server_handshake_state"><a href="#type-server_handshake_state" class="anchor"></a><code><span><span class="keyword">type</span> server_handshake_state</span><span> = </span></code><ol><li id="type-server_handshake_state.AwaitClientHello" class="def variant constructor anchored"><a href="#type-server_handshake_state.AwaitClientHello" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientHello</span></span></code></li><li id="type-server_handshake_state.AwaitClientHelloRenegotiate" class="def variant constructor anchored"><a href="#type-server_handshake_state.AwaitClientHelloRenegotiate" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientHelloRenegotiate</span></span></code></li><li id="type-server_handshake_state.AwaitClientCertificate_RSA" class="def variant constructor anchored"><a href="#type-server_handshake_state.AwaitClientCertificate_RSA" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientCertificate_RSA</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a> * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-server_handshake_state.AwaitClientCertificate_DHE" class="def variant constructor anchored"><a href="#type-server_handshake_state.AwaitClientCertificate_DHE" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientCertificate_DHE</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a> * <a href="#type-dh_secret">dh_secret</a> * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-server_handshake_state.AwaitClientKeyExchange_RSA" class="def variant constructor anchored"><a href="#type-server_handshake_state.AwaitClientKeyExchange_RSA" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientKeyExchange_RSA</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a> * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-server_handshake_state.AwaitClientKeyExchange_DHE" class="def variant constructor anchored"><a href="#type-server_handshake_state.AwaitClientKeyExchange_DHE" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientKeyExchange_DHE</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a> * <a href="#type-dh_secret">dh_secret</a> * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-server_handshake_state.AwaitClientCertificateVerify" class="def variant constructor anchored"><a href="#type-server_handshake_state.AwaitClientCertificateVerify" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientCertificateVerify</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a>
+  * <a href="#type-crypto_context">crypto_context</a>
+  * <a href="#type-crypto_context">crypto_context</a>
+  * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-server_handshake_state.AwaitClientChangeCipherSpec" class="def variant constructor anchored"><a href="#type-server_handshake_state.AwaitClientChangeCipherSpec" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientChangeCipherSpec</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a>
+  * <a href="#type-crypto_context">crypto_context</a>
+  * <a href="#type-crypto_context">crypto_context</a>
+  * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-server_handshake_state.AwaitClientChangeCipherSpecResume" class="def variant constructor anchored"><a href="#type-server_handshake_state.AwaitClientChangeCipherSpecResume" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientChangeCipherSpecResume</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a>
+  * <a href="#type-crypto_context">crypto_context</a>
+  * string
+  * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-server_handshake_state.AwaitClientFinished" class="def variant constructor anchored"><a href="#type-server_handshake_state.AwaitClientFinished" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientFinished</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a> * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-server_handshake_state.AwaitClientFinishedResume" class="def variant constructor anchored"><a href="#type-server_handshake_state.AwaitClientFinishedResume" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientFinishedResume</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a> * string * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-server_handshake_state.Established" class="def variant constructor anchored"><a href="#type-server_handshake_state.Established" class="anchor"></a><code><span>| </span><span><span class="constructor">Established</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-client_handshake_state"><a href="#type-client_handshake_state" class="anchor"></a><code><span><span class="keyword">type</span> client_handshake_state</span><span> = </span></code><ol><li id="type-client_handshake_state.ClientInitial" class="def variant constructor anchored"><a href="#type-client_handshake_state.ClientInitial" class="anchor"></a><code><span>| </span><span><span class="constructor">ClientInitial</span></span></code></li><li id="type-client_handshake_state.AwaitServerHello" class="def variant constructor anchored"><a href="#type-client_handshake_state.AwaitServerHello" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerHello</span> <span class="keyword">of</span> <a href="../Core/index.html#type-client_hello">Core.client_hello</a> * <span><span>(<a href="../Core/index.html#type-group">Core.group</a> * <a href="#type-dh_secret">dh_secret</a>)</span> list</span> * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-client_handshake_state.AwaitServerHelloRenegotiate" class="def variant constructor anchored"><a href="#type-client_handshake_state.AwaitServerHelloRenegotiate" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerHelloRenegotiate</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a> * <a href="../Core/index.html#type-client_hello">Core.client_hello</a> * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-client_handshake_state.AwaitCertificate_RSA" class="def variant constructor anchored"><a href="#type-client_handshake_state.AwaitCertificate_RSA" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitCertificate_RSA</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a> * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-client_handshake_state.AwaitCertificate_DHE" class="def variant constructor anchored"><a href="#type-client_handshake_state.AwaitCertificate_DHE" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitCertificate_DHE</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a> * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-client_handshake_state.AwaitServerKeyExchange_DHE" class="def variant constructor anchored"><a href="#type-client_handshake_state.AwaitServerKeyExchange_DHE" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerKeyExchange_DHE</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a> * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-client_handshake_state.AwaitCertificateRequestOrServerHelloDone" class="def variant constructor anchored"><a href="#type-client_handshake_state.AwaitCertificateRequestOrServerHelloDone" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitCertificateRequestOrServerHelloDone</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a>
+  * string
+  * string
+  * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-client_handshake_state.AwaitServerHelloDone" class="def variant constructor anchored"><a href="#type-client_handshake_state.AwaitServerHelloDone" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerHelloDone</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a>
+  * <span><span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span> option</span>
+  * string
+  * string
+  * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-client_handshake_state.AwaitServerChangeCipherSpec" class="def variant constructor anchored"><a href="#type-client_handshake_state.AwaitServerChangeCipherSpec" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerChangeCipherSpec</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a> * <a href="#type-crypto_context">crypto_context</a> * string * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-client_handshake_state.AwaitServerChangeCipherSpecResume" class="def variant constructor anchored"><a href="#type-client_handshake_state.AwaitServerChangeCipherSpecResume" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerChangeCipherSpecResume</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a>
+  * <a href="#type-crypto_context">crypto_context</a>
+  * <a href="#type-crypto_context">crypto_context</a>
+  * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-client_handshake_state.AwaitServerFinished" class="def variant constructor anchored"><a href="#type-client_handshake_state.AwaitServerFinished" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerFinished</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a> * string * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-client_handshake_state.AwaitServerFinishedResume" class="def variant constructor anchored"><a href="#type-client_handshake_state.AwaitServerFinishedResume" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerFinishedResume</span> <span class="keyword">of</span> <a href="#type-session_data">session_data</a> * <a href="#type-hs_log">hs_log</a></span></code></li><li id="type-client_handshake_state.Established" class="def variant constructor anchored"><a href="#type-client_handshake_state.Established" class="anchor"></a><code><span>| </span><span><span class="constructor">Established</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-kdf"><a href="#type-kdf" class="anchor"></a><code><span><span class="keyword">type</span> kdf</span><span> = </span><span>{</span></code><ol><li id="type-kdf.secret" class="def record field anchored"><a href="#type-kdf.secret" class="anchor"></a><code><span>secret : string;</span></code></li><li id="type-kdf.cipher" class="def record field anchored"><a href="#type-kdf.cipher" class="anchor"></a><code><span>cipher : <a href="../Ciphersuite/index.html#type-ciphersuite13">Ciphersuite.ciphersuite13</a>;</span></code></li><li id="type-kdf.hash" class="def record field anchored"><a href="#type-kdf.hash" class="anchor"></a><code><span>hash : <span class="xref-unresolved">Digestif</span>.hash';</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-session_data13"><a href="#type-session_data13" class="anchor"></a><code><span><span class="keyword">type</span> session_data13</span><span> = </span><span>{</span></code><ol><li id="type-session_data13.common_session_data13" class="def record field anchored"><a href="#type-session_data13.common_session_data13" class="anchor"></a><code><span>common_session_data13 : <a href="#type-common_session_data">common_session_data</a>;</span></code></li><li id="type-session_data13.ciphersuite13" class="def record field anchored"><a href="#type-session_data13.ciphersuite13" class="anchor"></a><code><span>ciphersuite13 : <a href="../Ciphersuite/index.html#type-ciphersuite13">Ciphersuite.ciphersuite13</a>;</span></code></li><li id="type-session_data13.master_secret" class="def record field anchored"><a href="#type-session_data13.master_secret" class="anchor"></a><code><span>master_secret : <a href="#type-kdf">kdf</a>;</span></code></li><li id="type-session_data13.exporter_master_secret" class="def record field anchored"><a href="#type-session_data13.exporter_master_secret" class="anchor"></a><code><span>exporter_master_secret : string;</span></code></li><li id="type-session_data13.resumption_secret" class="def record field anchored"><a href="#type-session_data13.resumption_secret" class="anchor"></a><code><span>resumption_secret : string;</span></code></li><li id="type-session_data13.state" class="def record field anchored"><a href="#type-session_data13.state" class="anchor"></a><code><span>state : <a href="../Core/index.html#type-epoch_state">Core.epoch_state</a>;</span></code></li><li id="type-session_data13.resumed" class="def record field anchored"><a href="#type-session_data13.resumed" class="anchor"></a><code><span>resumed : bool;</span></code></li><li id="type-session_data13.client_app_secret" class="def record field anchored"><a href="#type-session_data13.client_app_secret" class="anchor"></a><code><span>client_app_secret : string;</span></code></li><li id="type-session_data13.server_app_secret" class="def record field anchored"><a href="#type-session_data13.server_app_secret" class="anchor"></a><code><span>server_app_secret : string;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-client13_handshake_state"><a href="#type-client13_handshake_state" class="anchor"></a><code><span><span class="keyword">type</span> client13_handshake_state</span><span> = </span></code><ol><li id="type-client13_handshake_state.AwaitServerHello13" class="def variant constructor anchored"><a href="#type-client13_handshake_state.AwaitServerHello13" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerHello13</span> <span class="keyword">of</span> <a href="../Core/index.html#type-client_hello">Core.client_hello</a>
+  * <span><span>(<a href="../Core/index.html#type-group">Core.group</a> * <a href="#type-dh_secret">dh_secret</a>)</span> list</span>
+  * string</span></code></li><li id="type-client13_handshake_state.AwaitServerEncryptedExtensions13" class="def variant constructor anchored"><a href="#type-client13_handshake_state.AwaitServerEncryptedExtensions13" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerEncryptedExtensions13</span> <span class="keyword">of</span> <a href="#type-session_data13">session_data13</a> * string * string * string</span></code></li><li id="type-client13_handshake_state.AwaitServerCertificateRequestOrCertificate13" class="def variant constructor anchored"><a href="#type-client13_handshake_state.AwaitServerCertificateRequestOrCertificate13" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerCertificateRequestOrCertificate13</span> <span class="keyword">of</span> <a href="#type-session_data13">session_data13</a>
+  * string
+  * string
+  * string</span></code></li><li id="type-client13_handshake_state.AwaitServerCertificate13" class="def variant constructor anchored"><a href="#type-client13_handshake_state.AwaitServerCertificate13" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerCertificate13</span> <span class="keyword">of</span> <a href="#type-session_data13">session_data13</a>
+  * string
+  * string
+  * <span><span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span> option</span>
+  * string</span></code></li><li id="type-client13_handshake_state.AwaitServerCertificateVerify13" class="def variant constructor anchored"><a href="#type-client13_handshake_state.AwaitServerCertificateVerify13" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerCertificateVerify13</span> <span class="keyword">of</span> <a href="#type-session_data13">session_data13</a>
+  * string
+  * string
+  * <span><span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span> option</span>
+  * string</span></code></li><li id="type-client13_handshake_state.AwaitServerFinished13" class="def variant constructor anchored"><a href="#type-client13_handshake_state.AwaitServerFinished13" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitServerFinished13</span> <span class="keyword">of</span> <a href="#type-session_data13">session_data13</a>
+  * string
+  * string
+  * <span><span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span> option</span>
+  * string</span></code></li><li id="type-client13_handshake_state.Established13" class="def variant constructor anchored"><a href="#type-client13_handshake_state.Established13" class="anchor"></a><code><span>| </span><span><span class="constructor">Established13</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-server13_handshake_state"><a href="#type-server13_handshake_state" class="anchor"></a><code><span><span class="keyword">type</span> server13_handshake_state</span><span> = </span></code><ol><li id="type-server13_handshake_state.AwaitClientHelloHRR13" class="def variant constructor anchored"><a href="#type-server13_handshake_state.AwaitClientHelloHRR13" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientHelloHRR13</span></span></code></li><li id="type-server13_handshake_state.AwaitClientCertificate13" class="def variant constructor anchored"><a href="#type-server13_handshake_state.AwaitClientCertificate13" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientCertificate13</span> <span class="keyword">of</span> <a href="#type-session_data13">session_data13</a>
+  * string
+  * <a href="#type-crypto_context">crypto_context</a>
+  * <span><a href="../Core/index.html#type-session_ticket">Core.session_ticket</a> option</span>
+  * string</span></code></li><li id="type-server13_handshake_state.AwaitClientCertificateVerify13" class="def variant constructor anchored"><a href="#type-server13_handshake_state.AwaitClientCertificateVerify13" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientCertificateVerify13</span> <span class="keyword">of</span> <a href="#type-session_data13">session_data13</a>
+  * string
+  * <a href="#type-crypto_context">crypto_context</a>
+  * <span><a href="../Core/index.html#type-session_ticket">Core.session_ticket</a> option</span>
+  * string</span></code></li><li id="type-server13_handshake_state.AwaitClientFinished13" class="def variant constructor anchored"><a href="#type-server13_handshake_state.AwaitClientFinished13" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitClientFinished13</span> <span class="keyword">of</span> string
+  * <a href="#type-crypto_context">crypto_context</a>
+  * <span><a href="../Core/index.html#type-session_ticket">Core.session_ticket</a> option</span>
+  * string</span></code></li><li id="type-server13_handshake_state.AwaitEndOfEarlyData13" class="def variant constructor anchored"><a href="#type-server13_handshake_state.AwaitEndOfEarlyData13" class="anchor"></a><code><span>| </span><span><span class="constructor">AwaitEndOfEarlyData13</span> <span class="keyword">of</span> string
+  * <a href="#type-crypto_context">crypto_context</a>
+  * <a href="#type-crypto_context">crypto_context</a>
+  * <span><a href="../Core/index.html#type-session_ticket">Core.session_ticket</a> option</span>
+  * string</span></code></li><li id="type-server13_handshake_state.Established13" class="def variant constructor anchored"><a href="#type-server13_handshake_state.Established13" class="anchor"></a><code><span>| </span><span><span class="constructor">Established13</span></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-handshake_machina_state"><a href="#type-handshake_machina_state" class="anchor"></a><code><span><span class="keyword">type</span> handshake_machina_state</span><span> = </span></code><ol><li id="type-handshake_machina_state.Client" class="def variant constructor anchored"><a href="#type-handshake_machina_state.Client" class="anchor"></a><code><span>| </span><span><span class="constructor">Client</span> <span class="keyword">of</span> <a href="#type-client_handshake_state">client_handshake_state</a></span></code></li><li id="type-handshake_machina_state.Server" class="def variant constructor anchored"><a href="#type-handshake_machina_state.Server" class="anchor"></a><code><span>| </span><span><span class="constructor">Server</span> <span class="keyword">of</span> <a href="#type-server_handshake_state">server_handshake_state</a></span></code></li><li id="type-handshake_machina_state.Client13" class="def variant constructor anchored"><a href="#type-handshake_machina_state.Client13" class="anchor"></a><code><span>| </span><span><span class="constructor">Client13</span> <span class="keyword">of</span> <a href="#type-client13_handshake_state">client13_handshake_state</a></span></code></li><li id="type-handshake_machina_state.Server13" class="def variant constructor anchored"><a href="#type-handshake_machina_state.Server13" class="anchor"></a><code><span>| </span><span><span class="constructor">Server13</span> <span class="keyword">of</span> <a href="#type-server13_handshake_state">server13_handshake_state</a></span></code></li></ol></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-handshake_state"><a href="#type-handshake_state" class="anchor"></a><code><span><span class="keyword">type</span> handshake_state</span><span> = </span><span>{</span></code><ol><li id="type-handshake_state.session" class="def record field anchored"><a href="#type-handshake_state.session" class="anchor"></a><code><span>session : <span><span>[ <span>`TLS of <a href="#type-session_data">session_data</a></span> <span><span>| `TLS13</span> of <a href="#type-session_data13">session_data13</a></span> ]</span> list</span>;</span></code></li><li id="type-handshake_state.protocol_version" class="def record field anchored"><a href="#type-handshake_state.protocol_version" class="anchor"></a><code><span>protocol_version : <a href="../Core/index.html#type-tls_version">Core.tls_version</a>;</span></code></li><li id="type-handshake_state.early_data_left" class="def record field anchored"><a href="#type-handshake_state.early_data_left" class="anchor"></a><code><span>early_data_left : int32;</span></code></li><li id="type-handshake_state.machina" class="def record field anchored"><a href="#type-handshake_state.machina" class="anchor"></a><code><span>machina : <a href="#type-handshake_machina_state">handshake_machina_state</a>;</span></code></li><li id="type-handshake_state.config" class="def record field anchored"><a href="#type-handshake_state.config" class="anchor"></a><code><span>config : <a href="../Config/index.html#type-config">Config.config</a>;</span></code></li><li id="type-handshake_state.hs_fragment" class="def record field anchored"><a href="#type-handshake_state.hs_fragment" class="anchor"></a><code><span>hs_fragment : string;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-crypto_state"><a href="#type-crypto_state" class="anchor"></a><code><span><span class="keyword">type</span> crypto_state</span><span> = <span><a href="#type-crypto_context">crypto_context</a> option</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-record"><a href="#type-record" class="anchor"></a><code><span><span class="keyword">type</span> record</span><span> = <a href="../Packet/index.html#type-content_type">Packet.content_type</a> * string</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-rec_resp"><a href="#type-rec_resp" class="anchor"></a><code><span><span class="keyword">type</span> rec_resp</span><span> = </span><span>[ </span></code><ol><li id="type-rec_resp.Change_enc" class="def variant constructor anchored"><a href="#type-rec_resp.Change_enc" class="anchor"></a><code><span>| </span><span>`Change_enc <span class="keyword">of</span> <a href="#type-crypto_context">crypto_context</a></span></code></li><li id="type-rec_resp.Change_dec" class="def variant constructor anchored"><a href="#type-rec_resp.Change_dec" class="anchor"></a><code><span>| </span><span>`Change_dec <span class="keyword">of</span> <a href="#type-crypto_context">crypto_context</a></span></code></li><li id="type-rec_resp.Record" class="def variant constructor anchored"><a href="#type-rec_resp.Record" class="anchor"></a><code><span>| </span><span>`Record <span class="keyword">of</span> <a href="#type-record">record</a></span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-handshake_return"><a href="#type-handshake_return" class="anchor"></a><code><span><span class="keyword">type</span> handshake_return</span><span> = <a href="#type-handshake_state">handshake_state</a> * <span><a href="#type-rec_resp">rec_resp</a> list</span></span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-state"><a href="#type-state" class="anchor"></a><code><span><span class="keyword">type</span> state</span><span> = </span><span>{</span></code><ol><li id="type-state.handshake" class="def record field anchored"><a href="#type-state.handshake" class="anchor"></a><code><span>handshake : <a href="#type-handshake_state">handshake_state</a>;</span></code></li><li id="type-state.decryptor" class="def record field anchored"><a href="#type-state.decryptor" class="anchor"></a><code><span>decryptor : <a href="#type-crypto_state">crypto_state</a>;</span></code></li><li id="type-state.encryptor" class="def record field anchored"><a href="#type-state.encryptor" class="anchor"></a><code><span>encryptor : <a href="#type-crypto_state">crypto_state</a>;</span></code></li><li id="type-state.fragment" class="def record field anchored"><a href="#type-state.fragment" class="anchor"></a><code><span>fragment : string;</span></code></li><li id="type-state.read_closed" class="def record field anchored"><a href="#type-state.read_closed" class="anchor"></a><code><span>read_closed : bool;</span></code></li><li id="type-state.write_closed" class="def record field anchored"><a href="#type-state.write_closed" class="anchor"></a><code><span>write_closed : bool;</span></code></li></ol><code><span>}</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-error"><a href="#type-error" class="anchor"></a><code><span><span class="keyword">type</span> error</span><span> = </span><span>[ </span></code><ol><li id="type-error.AuthenticationFailure" class="def variant constructor anchored"><a href="#type-error.AuthenticationFailure" class="anchor"></a><code><span>| </span><span>`AuthenticationFailure <span class="keyword">of</span> <span class="xref-unresolved">X509</span>.Validation.validation_error</span></code></li><li id="type-error.NoConfiguredCiphersuite" class="def variant constructor anchored"><a href="#type-error.NoConfiguredCiphersuite" class="anchor"></a><code><span>| </span><span>`NoConfiguredCiphersuite <span class="keyword">of</span> <span><a href="../Ciphersuite/index.html#type-ciphersuite">Ciphersuite.ciphersuite</a> list</span></span></code></li><li id="type-error.NoConfiguredVersions" class="def variant constructor anchored"><a href="#type-error.NoConfiguredVersions" class="anchor"></a><code><span>| </span><span>`NoConfiguredVersions <span class="keyword">of</span> <span><a href="../Core/index.html#type-tls_version">Core.tls_version</a> list</span></span></code></li><li id="type-error.NoConfiguredSignatureAlgorithm" class="def variant constructor anchored"><a href="#type-error.NoConfiguredSignatureAlgorithm" class="anchor"></a><code><span>| </span><span>`NoConfiguredSignatureAlgorithm <span class="keyword">of</span> <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span></span></code></li><li id="type-error.NoMatchingCertificateFound" class="def variant constructor anchored"><a href="#type-error.NoMatchingCertificateFound" class="anchor"></a><code><span>| </span><span>`NoMatchingCertificateFound <span class="keyword">of</span> string</span></code></li><li id="type-error.CouldntSelectCertificate" class="def variant constructor anchored"><a href="#type-error.CouldntSelectCertificate" class="anchor"></a><code><span>| </span><span>`CouldntSelectCertificate</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_error"><a href="#val-pp_error" class="anchor"></a><code><span><span class="keyword">val</span> pp_error : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; <span>`AuthenticationFailure of <span class="xref-unresolved">X509</span>.Validation.validation_error</span>
+  <span>| `CouldntSelectCertificate</span>
+  <span><span>| `NoConfiguredCiphersuite</span> of
+    <span><span>[&lt; `AES_128_CCM_SHA256
+    <span>| `AES_128_GCM_SHA256</span>
+    <span>| `AES_256_GCM_SHA384</span>
+    <span>| `CHACHA20_POLY1305_SHA256</span>
+    <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+    <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+    <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+    <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+    <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+    <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+    <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+    <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+    <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+    <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+    <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+    <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+    <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+    <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+    <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+    <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+    <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+    <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+    <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+    <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+    <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+    <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+    <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+    <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+    <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+    <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+    <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+    <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+    <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+    <span>| `RSA_WITH_AES_128_CCM</span>
+    <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+    <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+    <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+    <span>| `RSA_WITH_AES_256_CCM</span>
+    <span>| `RSA_WITH_AES_256_GCM_SHA384</span> AES_128_CCM_SHA256 AES_128_GCM_SHA256 AES_256_GCM_SHA384 CHACHA20_POLY1305_SHA256 ]</span>
+      list</span></span>
+  <span><span>| `NoConfiguredSignatureAlgorithm</span> of
+    <span><span>[&lt; `ECDSA_SECP256R1_SHA1
+    <span>| `ECDSA_SECP256R1_SHA256</span>
+    <span>| `ECDSA_SECP384R1_SHA384</span>
+    <span>| `ECDSA_SECP521R1_SHA512</span>
+    <span>| `ED25519</span>
+    <span>| `RSA_PKCS1_MD5</span>
+    <span>| `RSA_PKCS1_SHA1</span>
+    <span>| `RSA_PKCS1_SHA224</span>
+    <span>| `RSA_PKCS1_SHA256</span>
+    <span>| `RSA_PKCS1_SHA384</span>
+    <span>| `RSA_PKCS1_SHA512</span>
+    <span>| `RSA_PSS_RSAENC_SHA256</span>
+    <span>| `RSA_PSS_RSAENC_SHA384</span>
+    <span>| `RSA_PSS_RSAENC_SHA512</span> ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ]</span>
+      list</span></span>
+  <span><span>| `NoConfiguredVersions</span> of
+    <span><span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> list</span></span>
+  <span><span>| `NoMatchingCertificateFound</span> of string</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-fatal"><a href="#type-fatal" class="anchor"></a><code><span><span class="keyword">type</span> fatal</span><span> = </span><span>[ </span></code><ol><li id="type-fatal.Protocol_version" class="def variant constructor anchored"><a href="#type-fatal.Protocol_version" class="anchor"></a><code><span>| </span><span>`Protocol_version <span class="keyword">of</span>
+  <span>[ <span>`None_supported of <span><a href="../Core/index.html#type-tls_any_version">Core.tls_any_version</a> list</span></span>
+  <span><span>| `Unknown_record</span> of int * int</span>
+  <span><span>| `Bad_record</span> of <a href="../Core/index.html#type-tls_any_version">Core.tls_any_version</a></span> ]</span></span></code></li><li id="type-fatal.Unexpected" class="def variant constructor anchored"><a href="#type-fatal.Unexpected" class="anchor"></a><code><span>| </span><span>`Unexpected <span class="keyword">of</span>
+  <span>[ <span>`Content_type of int</span>
+  <span><span>| `Message</span> of string</span>
+  <span><span>| `Handshake</span> of <a href="../Core/index.html#type-tls_handshake">Core.tls_handshake</a></span> ]</span></span></code></li><li id="type-fatal.Decode" class="def variant constructor anchored"><a href="#type-fatal.Decode" class="anchor"></a><code><span>| </span><span>`Decode <span class="keyword">of</span> string</span></code></li><li id="type-fatal.Handshake" class="def variant constructor anchored"><a href="#type-fatal.Handshake" class="anchor"></a><code><span>| </span><span>`Handshake <span class="keyword">of</span>
+  <span>[ <span>`Message of string</span>
+  <span>| `Fragments</span>
+  <span><span>| `BadDH</span> of string</span>
+  <span><span>| `BadECDH</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.error</span> ]</span></span></code></li><li id="type-fatal.Bad_certificate" class="def variant constructor anchored"><a href="#type-fatal.Bad_certificate" class="anchor"></a><code><span>| </span><span>`Bad_certificate <span class="keyword">of</span> string</span></code></li><li id="type-fatal.Missing_extension" class="def variant constructor anchored"><a href="#type-fatal.Missing_extension" class="anchor"></a><code><span>| </span><span>`Missing_extension <span class="keyword">of</span> string</span></code></li><li id="type-fatal.Bad_mac" class="def variant constructor anchored"><a href="#type-fatal.Bad_mac" class="anchor"></a><code><span>| </span><span>`Bad_mac</span></code></li><li id="type-fatal.Record_overflow" class="def variant constructor anchored"><a href="#type-fatal.Record_overflow" class="anchor"></a><code><span>| </span><span>`Record_overflow <span class="keyword">of</span> int</span></code></li><li id="type-fatal.Unsupported_extension" class="def variant constructor anchored"><a href="#type-fatal.Unsupported_extension" class="anchor"></a><code><span>| </span><span>`Unsupported_extension</span></code></li><li id="type-fatal.Inappropriate_fallback" class="def variant constructor anchored"><a href="#type-fatal.Inappropriate_fallback" class="anchor"></a><code><span>| </span><span>`Inappropriate_fallback</span></code></li><li id="type-fatal.No_application_protocol" class="def variant constructor anchored"><a href="#type-fatal.No_application_protocol" class="anchor"></a><code><span>| </span><span>`No_application_protocol</span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_protocol_version"><a href="#val-pp_protocol_version" class="anchor"></a><code><span><span class="keyword">val</span> pp_protocol_version : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; <span>`Bad_record of
+       <span>[&lt; `SSL_3
+       <span>| `TLS_1_0</span>
+       <span>| `TLS_1_1</span>
+       <span>| `TLS_1_2</span>
+       <span>| `TLS_1_3</span>
+       <span><span>| `TLS_1_X</span> of int</span> ]</span></span>
+  <span><span>| `None_supported</span> of
+    <span><span>[&lt; `SSL_3 <span>| `TLS_1_0</span> <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> <span><span>| `TLS_1_X</span> of int</span> ]</span>
+      list</span></span>
+  <span><span>| `Unknown_record</span> of int * int</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_unexpected"><a href="#val-pp_unexpected" class="anchor"></a><code><span><span class="keyword">val</span> pp_unexpected : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; <span>`Content_type of int</span>
+  <span><span>| `Handshake</span> of <a href="../Core/index.html#type-tls_handshake">Core.tls_handshake</a></span>
+  <span><span>| `Message</span> of string</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_handshake_error"><a href="#val-pp_handshake_error" class="anchor"></a><code><span><span class="keyword">val</span> pp_handshake_error : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; <span>`BadDH of string</span>
+  <span><span>| `BadECDH</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.error</span>
+  <span>| `Fragments</span>
+  <span><span>| `Message</span> of string</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_fatal"><a href="#val-pp_fatal" class="anchor"></a><code><span><span class="keyword">val</span> pp_fatal : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; <span>`Bad_certificate of string</span>
+  <span>| `Bad_mac</span>
+  <span><span>| `Decode</span> of string</span>
+  <span><span>| `Handshake</span> of
+    <span>[&lt; <span>`BadDH of string</span>
+    <span><span>| `BadECDH</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.error</span>
+    <span>| `Fragments</span>
+    <span><span>| `Message</span> of string</span> ]</span></span>
+  <span>| `Inappropriate_fallback</span>
+  <span><span>| `Missing_extension</span> of string</span>
+  <span>| `No_application_protocol</span>
+  <span><span>| `Protocol_version</span> of
+    <span>[&lt; <span>`Bad_record of
+         <span>[&lt; `SSL_3
+         <span>| `TLS_1_0</span>
+         <span>| `TLS_1_1</span>
+         <span>| `TLS_1_2</span>
+         <span>| `TLS_1_3</span>
+         <span><span>| `TLS_1_X</span> of int</span> ]</span></span>
+    <span><span>| `None_supported</span> of
+      <span><span>[&lt; `SSL_3 <span>| `TLS_1_0</span> <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> <span><span>| `TLS_1_X</span> of int</span> ]</span>
+        list</span></span>
+    <span><span>| `Unknown_record</span> of int * int</span> ]</span></span>
+  <span><span>| `Record_overflow</span> of int</span>
+  <span><span>| `Unexpected</span> of
+    <span>[&lt; <span>`Content_type of int</span>
+    <span><span>| `Handshake</span> of <a href="../Core/index.html#type-tls_handshake">Core.tls_handshake</a></span>
+    <span><span>| `Message</span> of string</span> ]</span></span>
+  <span>| `Unsupported_extension</span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec type anchored" id="type-failure"><a href="#type-failure" class="anchor"></a><code><span><span class="keyword">type</span> failure</span><span> = </span><span>[ </span></code><ol><li id="type-failure.Error" class="def variant constructor anchored"><a href="#type-failure.Error" class="anchor"></a><code><span>| </span><span>`Error <span class="keyword">of</span> <a href="#type-error">error</a></span></code></li><li id="type-failure.Fatal" class="def variant constructor anchored"><a href="#type-failure.Fatal" class="anchor"></a><code><span>| </span><span>`Fatal <span class="keyword">of</span> <a href="#type-fatal">fatal</a></span></code></li><li id="type-failure.Alert" class="def variant constructor anchored"><a href="#type-failure.Alert" class="anchor"></a><code><span>| </span><span>`Alert <span class="keyword">of</span> <a href="../Packet/index.html#type-alert_type">Packet.alert_type</a></span></code></li></ol><code><span> ]</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-pp_failure"><a href="#val-pp_failure" class="anchor"></a><code><span><span class="keyword">val</span> pp_failure : 
+  <span><span class="xref-unresolved">Stdlib</span>.Format.formatter <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; <span>`Alert of <a href="../Packet/index.html#type-alert_type">Packet.alert_type</a></span>
+  <span><span>| `Error</span> of
+    <span>[&lt; <span>`AuthenticationFailure of <span class="xref-unresolved">X509</span>.Validation.validation_error</span>
+    <span>| `CouldntSelectCertificate</span>
+    <span><span>| `NoConfiguredCiphersuite</span> of
+      <span><span>[&lt; `AES_128_CCM_SHA256
+      <span>| `AES_128_GCM_SHA256</span>
+      <span>| `AES_256_GCM_SHA384</span>
+      <span>| `CHACHA20_POLY1305_SHA256</span>
+      <span>| `DHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+      <span>| `DHE_RSA_WITH_AES_128_CBC_SHA</span>
+      <span>| `DHE_RSA_WITH_AES_128_CBC_SHA256</span>
+      <span>| `DHE_RSA_WITH_AES_128_CCM</span>
+      <span>| `DHE_RSA_WITH_AES_128_GCM_SHA256</span>
+      <span>| `DHE_RSA_WITH_AES_256_CBC_SHA</span>
+      <span>| `DHE_RSA_WITH_AES_256_CBC_SHA256</span>
+      <span>| `DHE_RSA_WITH_AES_256_CCM</span>
+      <span>| `DHE_RSA_WITH_AES_256_GCM_SHA384</span>
+      <span>| `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+      <span>| `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</span>
+      <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span>
+      <span>| `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</span>
+      <span>| `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+      <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span>
+      <span>| `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</span>
+      <span>| `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+      <span>| `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+      <span>| `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span>
+      <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA</span>
+      <span>| `ECDHE_RSA_WITH_AES_128_CBC_SHA256</span>
+      <span>| `ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+      <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA</span>
+      <span>| `ECDHE_RSA_WITH_AES_256_CBC_SHA384</span>
+      <span>| `ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+      <span>| `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+      <span>| `RSA_WITH_3DES_EDE_CBC_SHA</span>
+      <span>| `RSA_WITH_AES_128_CBC_SHA</span>
+      <span>| `RSA_WITH_AES_128_CBC_SHA256</span>
+      <span>| `RSA_WITH_AES_128_CCM</span>
+      <span>| `RSA_WITH_AES_128_GCM_SHA256</span>
+      <span>| `RSA_WITH_AES_256_CBC_SHA</span>
+      <span>| `RSA_WITH_AES_256_CBC_SHA256</span>
+      <span>| `RSA_WITH_AES_256_CCM</span>
+      <span>| `RSA_WITH_AES_256_GCM_SHA384</span> AES_128_CCM_SHA256 AES_128_GCM_SHA256 AES_256_GCM_SHA384 CHACHA20_POLY1305_SHA256 ]</span>
+        list</span></span>
+    <span><span>| `NoConfiguredSignatureAlgorithm</span> of
+      <span><span>[&lt; `ECDSA_SECP256R1_SHA1
+      <span>| `ECDSA_SECP256R1_SHA256</span>
+      <span>| `ECDSA_SECP384R1_SHA384</span>
+      <span>| `ECDSA_SECP521R1_SHA512</span>
+      <span>| `ED25519</span>
+      <span>| `RSA_PKCS1_MD5</span>
+      <span>| `RSA_PKCS1_SHA1</span>
+      <span>| `RSA_PKCS1_SHA224</span>
+      <span>| `RSA_PKCS1_SHA256</span>
+      <span>| `RSA_PKCS1_SHA384</span>
+      <span>| `RSA_PKCS1_SHA512</span>
+      <span>| `RSA_PSS_RSAENC_SHA256</span>
+      <span>| `RSA_PSS_RSAENC_SHA384</span>
+      <span>| `RSA_PSS_RSAENC_SHA512</span> ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ]</span>
+        list</span></span>
+    <span><span>| `NoConfiguredVersions</span> of
+      <span><span>[&lt; `TLS_1_0 <span>| `TLS_1_1</span> <span>| `TLS_1_2</span> <span>| `TLS_1_3</span> ]</span> list</span></span>
+    <span><span>| `NoMatchingCertificateFound</span> of string</span> ]</span></span>
+  <span><span>| `Fatal</span> of
+    <span>[&lt; <span>`Bad_certificate of string</span>
+    <span>| `Bad_mac</span>
+    <span><span>| `Decode</span> of string</span>
+    <span><span>| `Handshake</span> of
+      <span>[&lt; <span>`BadDH of string</span>
+      <span><span>| `BadECDH</span> of <span class="xref-unresolved">Mirage_crypto_ec</span>.error</span>
+      <span>| `Fragments</span>
+      <span><span>| `Message</span> of string</span> ]</span></span>
+    <span>| `Inappropriate_fallback</span>
+    <span><span>| `Missing_extension</span> of string</span>
+    <span>| `No_application_protocol</span>
+    <span><span>| `Protocol_version</span> of
+      <span>[&lt; <span>`Bad_record of
+           <span>[&lt; `SSL_3
+           <span>| `TLS_1_0</span>
+           <span>| `TLS_1_1</span>
+           <span>| `TLS_1_2</span>
+           <span>| `TLS_1_3</span>
+           <span><span>| `TLS_1_X</span> of int</span> ]</span></span>
+      <span><span>| `None_supported</span> of
+        <span><span>[&lt; `SSL_3
+        <span>| `TLS_1_0</span>
+        <span>| `TLS_1_1</span>
+        <span>| `TLS_1_2</span>
+        <span>| `TLS_1_3</span>
+        <span><span>| `TLS_1_X</span> of int</span> ]</span>
+          list</span></span>
+      <span><span>| `Unknown_record</span> of int * int</span> ]</span></span>
+    <span><span>| `Record_overflow</span> of int</span>
+    <span><span>| `Unexpected</span> of
+      <span>[&lt; <span>`Content_type of int</span>
+      <span><span>| `Handshake</span> of <a href="../Core/index.html#type-tls_handshake">Core.tls_handshake</a></span>
+      <span><span>| `Message</span> of string</span> ]</span></span>
+    <span>| `Unsupported_extension</span> ]</span></span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  unit</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-common_data_to_epoch"><a href="#val-common_data_to_epoch" class="anchor"></a><code><span><span class="keyword">val</span> common_data_to_epoch : 
+  <span><a href="#type-common_session_data">common_session_data</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>bool <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="../Core/index.html#type-epoch_data">Core.epoch_data</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-epoch_of_session"><a href="#val-epoch_of_session" class="anchor"></a><code><span><span class="keyword">val</span> epoch_of_session : 
+  <span>bool <span class="arrow">&#45;&gt;</span></span>
+  <span><span><span><span>[ `host ]</span> <span class="xref-unresolved">Domain_name</span>.t</span> option</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><a href="../Core/index.html#type-tls_version">Core.tls_version</a> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>[&lt; <span>`TLS of <a href="#type-session_data">session_data</a></span> <span><span>| `TLS13</span> of <a href="#type-session_data13">session_data13</a></span> ]</span> <span class="arrow">&#45;&gt;</span></span>
+  <a href="../Core/index.html#type-epoch_data">Core.epoch_data</a></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-epoch_of_hs"><a href="#val-epoch_of_hs" class="anchor"></a><code><span><span class="keyword">val</span> epoch_of_hs : <span><a href="#type-handshake_state">handshake_state</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="../Core/index.html#type-epoch_data">Core.epoch_data</a> option</span></span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Utils/List_set/index.html b/doc/tls/Tls/Utils/List_set/index.html
new file mode 100644
index 00000000..2fcd3dfc
--- /dev/null
+++ b/doc/tls/Tls/Utils/List_set/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>List_set (tls.Tls.Utils.List_set)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../../index.html">tls</a> &#x00BB; <a href="../../index.html">Tls</a> &#x00BB; <a href="../index.html">Utils</a> &#x00BB; List_set</nav><header class="odoc-preamble"><h1>Module <code><span>Utils.List_set</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-subset"><a href="#val-subset" class="anchor"></a><code><span><span class="keyword">val</span> subset : <span><span class="optlabel">?compare</span>:<span>(<span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span> <span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span> int)</span> <span class="arrow">&#45;&gt;</span></span> <span><span><span class="type-var">'b</span> list</span> <span class="arrow">&#45;&gt;</span></span> <span><span><span class="type-var">'a</span> list</span> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-is_proper_set"><a href="#val-is_proper_set" class="anchor"></a><code><span><span class="keyword">val</span> is_proper_set : <span><span><span class="type-var">'a</span> list</span> <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Utils/index.html b/doc/tls/Tls/Utils/index.html
new file mode 100644
index 00000000..7953499d
--- /dev/null
+++ b/doc/tls/Tls/Utils/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Utils (tls.Tls.Utils)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Utils</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Utils</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec module anchored" id="module-List_set"><a href="#module-List_set" class="anchor"></a><code><span><span class="keyword">module</span> <a href="List_set/index.html">List_set</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-map_find"><a href="#val-map_find" class="anchor"></a><code><span><span class="keyword">val</span> map_find : <span><span class="label">f</span>:<span>(<span><span class="type-var">'a</span> <span class="arrow">&#45;&gt;</span></span> <span><span class="type-var">'b</span> option</span>)</span> <span class="arrow">&#45;&gt;</span></span> <span><span><span class="type-var">'c</span> list</span> <span class="arrow">&#45;&gt;</span></span> <span><span class="type-var">'d</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-init_and_last"><a href="#val-init_and_last" class="anchor"></a><code><span><span class="keyword">val</span> init_and_last : <span><span><span class="type-var">'a</span> list</span> <span class="arrow">&#45;&gt;</span></span> <span><span>(<span><span class="type-var">'b</span> list</span> * <span class="type-var">'c</span>)</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-first_match"><a href="#val-first_match" class="anchor"></a><code><span><span class="keyword">val</span> first_match : <span><span><span class="type-var">'a</span> list</span> <span class="arrow">&#45;&gt;</span></span> <span><span><span class="type-var">'b</span> list</span> <span class="arrow">&#45;&gt;</span></span> <span><span class="type-var">'c</span> option</span></span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-sub_equal"><a href="#val-sub_equal" class="anchor"></a><code><span><span class="keyword">val</span> sub_equal : <span><span class="label">off</span>:int <span class="arrow">&#45;&gt;</span></span> <span><span class="label">len</span>:int <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> bool</span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/Writer/index.html b/doc/tls/Tls/Writer/index.html
new file mode 100644
index 00000000..fdeedbdd
--- /dev/null
+++ b/doc/tls/Tls/Writer/index.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Writer (tls.Tls.Writer)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../../index.html">tls</a> &#x00BB; <a href="../index.html">Tls</a> &#x00BB; Writer</nav><header class="odoc-preamble"><h1>Module <code><span>Tls.Writer</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_protocol_version"><a href="#val-assemble_protocol_version" class="anchor"></a><code><span><span class="keyword">val</span> assemble_protocol_version : <span><span class="optlabel">?buf</span>:bytes <span class="arrow">&#45;&gt;</span></span> <span><a href="../Core/index.html#type-tls_version">Core.tls_version</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_handshake"><a href="#val-assemble_handshake" class="anchor"></a><code><span><span class="keyword">val</span> assemble_handshake : <span><a href="../Core/index.html#type-tls_handshake">Core.tls_handshake</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_message_hash"><a href="#val-assemble_message_hash" class="anchor"></a><code><span><span class="keyword">val</span> assemble_message_hash : <span>int <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_hdr"><a href="#val-assemble_hdr" class="anchor"></a><code><span><span class="keyword">val</span> assemble_hdr : <span><a href="../Core/index.html#type-tls_version">Core.tls_version</a> <span class="arrow">&#45;&gt;</span></span> <span><span>(<a href="../Packet/index.html#type-content_type">Packet.content_type</a> * string)</span> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_alert"><a href="#val-assemble_alert" class="anchor"></a><code><span><span class="keyword">val</span> assemble_alert : <span><span class="optlabel">?level</span>:<a href="../Packet/index.html#type-alert_level">Packet.alert_level</a> <span class="arrow">&#45;&gt;</span></span> <span><a href="../Packet/index.html#type-alert_type">Packet.alert_type</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_change_cipher_spec"><a href="#val-assemble_change_cipher_spec" class="anchor"></a><code><span><span class="keyword">val</span> assemble_change_cipher_spec : string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_dh_parameters"><a href="#val-assemble_dh_parameters" class="anchor"></a><code><span><span class="keyword">val</span> assemble_dh_parameters : <span><a href="../Core/index.html#type-dh_parameters">Core.dh_parameters</a> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_ec_parameters"><a href="#val-assemble_ec_parameters" class="anchor"></a><code><span><span class="keyword">val</span> assemble_ec_parameters : <span><a href="../Core/index.html#type-group">Core.group</a> <span class="arrow">&#45;&gt;</span></span> <span>string <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_client_dh_key_exchange"><a href="#val-assemble_client_dh_key_exchange" class="anchor"></a><code><span><span class="keyword">val</span> assemble_client_dh_key_exchange : <span>string <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_client_ec_key_exchange"><a href="#val-assemble_client_ec_key_exchange" class="anchor"></a><code><span><span class="keyword">val</span> assemble_client_ec_key_exchange : <span>string <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_digitally_signed"><a href="#val-assemble_digitally_signed" class="anchor"></a><code><span><span class="keyword">val</span> assemble_digitally_signed : <span>string <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_digitally_signed_1_2"><a href="#val-assemble_digitally_signed_1_2" class="anchor"></a><code><span><span class="keyword">val</span> assemble_digitally_signed_1_2 : 
+  <span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> <span class="arrow">&#45;&gt;</span></span>
+  <span>string <span class="arrow">&#45;&gt;</span></span>
+  string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_certificate_request"><a href="#val-assemble_certificate_request" class="anchor"></a><code><span><span class="keyword">val</span> assemble_certificate_request : 
+  <span><span><a href="../Packet/index.html#type-client_certificate_type">Packet.client_certificate_type</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>string list</span> <span class="arrow">&#45;&gt;</span></span>
+  string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_certificate_request_1_2"><a href="#val-assemble_certificate_request_1_2" class="anchor"></a><code><span><span class="keyword">val</span> assemble_certificate_request_1_2 : 
+  <span><span><a href="../Packet/index.html#type-client_certificate_type">Packet.client_certificate_type</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span><a href="../Core/index.html#type-signature_algorithm">Core.signature_algorithm</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  <span><span>string list</span> <span class="arrow">&#45;&gt;</span></span>
+  string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_certificate_request_1_3"><a href="#val-assemble_certificate_request_1_3" class="anchor"></a><code><span><span class="keyword">val</span> assemble_certificate_request_1_3 : 
+  <span><span class="optlabel">?context</span>:string <span class="arrow">&#45;&gt;</span></span>
+  <span><span><a href="../Core/index.html#type-certificate_request_extension">Core.certificate_request_extension</a> list</span> <span class="arrow">&#45;&gt;</span></span>
+  string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_certificates"><a href="#val-assemble_certificates" class="anchor"></a><code><span><span class="keyword">val</span> assemble_certificates : <span><span>string list</span> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div><div class="odoc-spec"><div class="spec value anchored" id="val-assemble_certificates_1_3"><a href="#val-assemble_certificates_1_3" class="anchor"></a><code><span><span class="keyword">val</span> assemble_certificates_1_3 : <span>string <span class="arrow">&#45;&gt;</span></span> <span><span>string list</span> <span class="arrow">&#45;&gt;</span></span> string</span></code></div></div></div></body></html>
diff --git a/doc/tls/Tls/index.html b/doc/tls/Tls/index.html
new file mode 100644
index 00000000..9140b480
--- /dev/null
+++ b/doc/tls/Tls/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Tls (tls.Tls)</title><meta charset="utf-8"/><link rel="stylesheet" href="../../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – <a href="../index.html">tls</a> &#x00BB; Tls</nav><header class="odoc-preamble"><h1>Module <code><span>Tls</span></code></h1></header><div class="odoc-content"><div class="odoc-spec"><div class="spec module anchored" id="module-Ciphersuite"><a href="#module-Ciphersuite" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Ciphersuite/index.html">Ciphersuite</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div><div class="spec-doc"><p>Ciphersuite definitions and some helper functions.</p></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Config"><a href="#module-Config" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Config/index.html">Config</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div><div class="spec-doc"><p>Configuration of the TLS stack</p></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Core"><a href="#module-Core" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Core/index.html">Core</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div><div class="spec-doc"><p>Core type definitions</p></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Crypto"><a href="#module-Crypto" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Crypto/index.html">Crypto</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Engine"><a href="#module-Engine" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Engine/index.html">Engine</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div><div class="spec-doc"><p>Transport layer security</p></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Explorator"><a href="#module-Explorator" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Explorator/index.html">Explorator</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Handshake_client"><a href="#module-Handshake_client" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Handshake_client/index.html">Handshake_client</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Handshake_client13"><a href="#module-Handshake_client13" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Handshake_client13/index.html">Handshake_client13</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Handshake_common"><a href="#module-Handshake_common" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Handshake_common/index.html">Handshake_common</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Handshake_crypto"><a href="#module-Handshake_crypto" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Handshake_crypto/index.html">Handshake_crypto</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Handshake_crypto13"><a href="#module-Handshake_crypto13" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Handshake_crypto13/index.html">Handshake_crypto13</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Handshake_server"><a href="#module-Handshake_server" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Handshake_server/index.html">Handshake_server</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Handshake_server13"><a href="#module-Handshake_server13" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Handshake_server13/index.html">Handshake_server13</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Packet"><a href="#module-Packet" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Packet/index.html">Packet</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div><div class="spec-doc"><p>Magic numbers of the TLS protocol.</p></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Reader"><a href="#module-Reader" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Reader/index.html">Reader</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-State"><a href="#module-State" class="anchor"></a><code><span><span class="keyword">module</span> <a href="State/index.html">State</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Utils"><a href="#module-Utils" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Utils/index.html">Utils</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div><div class="odoc-spec"><div class="spec module anchored" id="module-Writer"><a href="#module-Writer" class="anchor"></a><code><span><span class="keyword">module</span> <a href="Writer/index.html">Writer</a></span><span> : <span class="keyword">sig</span> ... <span class="keyword">end</span></span></code></div></div></div></body></html>
diff --git a/doc/tls/index.html b/doc/tls/index.html
new file mode 100644
index 00000000..cb1b0fc0
--- /dev/null
+++ b/doc/tls/index.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>index (tls.index)</title><meta charset="utf-8"/><link rel="stylesheet" href="../odoc.support/odoc.css"/><meta name="generator" content="odoc 2.4.2"/><meta name="viewport" content="width=device-width,initial-scale=1.0"/><script src="../odoc.support/highlight.pack.js"></script><script>hljs.initHighlightingOnLoad();</script></head><body class="odoc"><nav class="odoc-nav"><a href="../index.html">Up</a> – tls</nav><header class="odoc-preamble"><h1 id="tls-index"><a href="#tls-index" class="anchor"></a>tls index</h1></header><nav class="odoc-toc"><ul><li><a href="#library-tls">Library tls</a></li></ul></nav><div class="odoc-content"><h2 id="library-tls"><a href="#library-tls" class="anchor"></a>Library tls</h2><p>The entry point of this library is the module: <a href="Tls/index.html"><code>Tls</code></a>.</p></div></body></html>