Session.Fdval read : t -> Cstruct.t -> [ `Ok of int | `Eof ] Async.Deferred.Or_error.tval write_full : t -> Cstruct.t -> unit Async.Deferred.Or_error.tTls_async.SessionLow-level API for working with TLS sessions. Most applications should use the high-level API below
module Fd : sig ... endval server_of_fd : Tls.Config.server -> Fd.t -> t Async.Deferred.Or_error.tserver_of_fd server fd is t, after server-side TLS handshake of fd using server configuration.
val client_of_fd :
- Tls.Config.client ->
- ?host:[ `host ] Domain_name.t ->
- Fd.t ->
- t Async.Deferred.Or_error.tclient_of_fd client ~host fd is t, after client-side TLS handshake of fd using client configuration and host.
val read : t -> Cstruct.t -> int Async.Deferred.Or_error.tread t buffer is length, the number of bytes read into buffer.
val writev : t -> Cstruct.t list -> unit Async.Deferred.Or_error.twritev t buffers writes the buffers to the session.
val close_tls : t -> unit Async.Deferred.Or_error.tclose t closes the TLS session by sending a close notify to the peer.
val reneg :
- ?authenticator:X509.Authenticator.t ->
- ?acceptable_cas:X509.Distinguished_name.t list ->
- ?cert:Tls.Config.own_cert ->
- ?drop:bool ->
- t ->
- unit Async.Deferred.Or_error.treneg ~authenticator ~acceptable_cas ~cert ~drop t renegotiates the session, and blocks until the renegotiation finished. Optionally, a new authenticator and acceptable_cas can be used. The own certificate can be adjusted by cert. If drop is true (the default), application data received before the renegotiation finished is dropped.
val key_update : ?request:bool -> t -> unit Async.Deferred.Or_error.tkey_update ~request t updates the traffic key and requests a traffic key update from the peer if request is provided and true (the default). This is only supported in TLS 1.3.
val epoch : t -> Tls.Core.epoch_data Core.Or_error.tepoch t returns epoch, which contains information of the active session.
Authenticator.Paramval ca_file :
- ?allowed_hashes:Mirage_crypto.Hash.hash list ->
- ?crls:Core.Filename.t ->
- Core.Filename.t ->
- unit ->
- tval ca_dir :
- ?allowed_hashes:Mirage_crypto.Hash.hash list ->
- ?crls:Core.Filename.t ->
- Core.Filename.t ->
- unit ->
- tval cert_fingerprint : Mirage_crypto.Hash.hash -> string -> tThe fingerprint can be collected from a browser or by invoking an openssl command like 'openssl x509 -in <pem_file> -noout -fingerprint -sha256'
val key_fingerprint : Mirage_crypto.Hash.hash -> string -> tThe fingerprint can be collected from a browser or by invoking an openssl command like 'openssl x509 -in <pem_file> -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256'
Async programs often don't use Ptime_clock, so this is provided as a convenience function. Relies on Unix.gettimeofday.
val to_authenticator :
- time:(unit -> Ptime.t option) ->
- t ->
- {Authenticator}7.t Async.Deferred.Or_error.tX509_async.Authenticatorval chain_of_trust :
- time:(unit -> Ptime.t option) ->
- ?crls:X509.CRL.t list ->
- ?allowed_hashes:Mirage_crypto.Hash.hash list ->
- X509.Certificate.t list ->
- tval server_key_fingerprint :
- time:(unit -> Ptime.t option) ->
- hash:Mirage_crypto.Hash.hash ->
- fingerprint:Cstruct.t ->
- tval server_cert_fingerprint :
- time:(unit -> Ptime.t option) ->
- hash:Mirage_crypto.Hash.hash ->
- fingerprint:Cstruct.t ->
- tval of_string :
- string ->
- ((unit -> Ptime.t option) -> t, [> `Msg of string ]) Stdlib.resultmodule Param : sig ... endX509_async.CRLval encode_der : t -> Cstruct.tval issuer : t -> X509.Distinguished_name.tval this_update : t -> Ptime.tval next_update : t -> Ptime.t optionval reason : revoked_cert -> X509.Extension.reason optionval revoked_certificates : t -> revoked_cert listval extensions : t -> X509.Extension.tval crl_number : t -> int optionval signature_algorithm :
- t ->
- (X509.Key_type.signature_scheme * Mirage_crypto.Hash.hash) optionval validate :
- t ->
- ?allowed_hashes:Mirage_crypto.Hash.hash list ->
- X509.Public_key.t ->
- (unit, [> X509.Validation.signature_error ]) Stdlib.resulttype verification_error = [ | `Bad_encoding of X509.Distinguished_name.t * string * Cstruct.t| `Bad_signature of X509.Distinguished_name.t * string| `Hash_not_allowed of X509.Distinguished_name.t * Mirage_crypto.Hash.hash| `Issuer_subject_mismatch of
- X509.Distinguished_name.t * X509.Distinguished_name.t| `Msg of string| `Next_update_scheduled of X509.Distinguished_name.t * Ptime.t * Ptime.t| `Not_yet_valid of X509.Distinguished_name.t * Ptime.t * Ptime.t| `Unsupported_algorithm of X509.Distinguished_name.t * string| `Unsupported_keytype of X509.Distinguished_name.t * X509.Public_key.t ]val pp_verification_error : verification_error Fmt.tval verify :
- t ->
- ?allowed_hashes:Mirage_crypto.Hash.hash list ->
- ?time:Ptime.t ->
- X509.Certificate.t ->
- (unit, [> verification_error ]) Stdlib.resultval is_revoked :
- ?allowed_hashes:Mirage_crypto.Hash.hash list ->
- issuer:X509.Certificate.t ->
- cert:X509.Certificate.t ->
- t list ->
- boolval decode_der : contents:string -> t Core.Or_error.tval revoke :
- ?digest:Mirage_crypto.Hash.hash ->
- issuer:Distinguished_name.t ->
- this_update:Ptime.t ->
- ?next_update:Ptime.t ->
- ?extensions:Extension.t ->
- revoked_cert list ->
- Private_key.t ->
- t Core.Or_error.tval revoke_certificate :
- revoked_cert ->
- this_update:Ptime.t ->
- ?next_update:Ptime.t ->
- t ->
- Private_key.t ->
- t Core.Or_error.tval revoke_certificates :
- revoked_cert list ->
- this_update:Ptime.t ->
- ?next_update:Ptime.t ->
- t ->
- Private_key.t ->
- t Core.Or_error.tval of_pem_dir : directory:Core.Filename.t -> t list Async.Deferred.Or_error.tX509_async.Certificateval pp : t Fmt.tval encode_der : t -> Cstruct.tval encode_pem_multiple : t list -> Cstruct.tval encode_pem : t -> Cstruct.tval supports_keytype : t -> X509.Key_type.t -> boolval public_key : t -> X509.Public_key.tval signature_algorithm :
- t ->
- (X509.Key_type.signature_scheme * Mirage_crypto.Hash.hash) optionval hostnames : t -> X509.Host.Set.tval supports_hostname : t -> [ `host ] Domain_name.t -> boolval ips : t -> Ipaddr.Set.tval supports_ip : t -> Ipaddr.t -> boolval fingerprint : Mirage_crypto.Hash.hash -> t -> Cstruct.tval subject : t -> X509.Distinguished_name.tval issuer : t -> X509.Distinguished_name.tval serial : t -> Z.tval validity : t -> Ptime.t * Ptime.tval extensions : t -> X509.Extension.tval decode_pem_multiple : contents:string -> t list Core.Or_error.tval decode_pem : contents:string -> t Core.Or_error.tval decode_der : contents:string -> t Core.Or_error.tval of_pem_file : Core.Filename.t -> t list Async.Deferred.Or_error.tval of_pem_directory :
- directory:Core.Filename.t ->
- t list Async.Deferred.Or_error.tX509_async.Distinguished_nametype attribute = X509.Distinguished_name.attribute = | CN of string| Serialnumber of string| C of string| L of string| ST of string| O of string| OU of string| T of string| DNQ of string| Mail of string| DC of string| Given_name of string| Surname of string| Initials of string| Pseudonym of string| Generation of string| Street of string| Userid of string| Other of Asn.oid * stringval make_pp :
- format:[ `OSF | `OpenSSL | `RFC4514 ] ->
- ?spacing:[ `Loose | `Medium | `Tight ] ->
- unit ->
- t Fmt.tval pp : t Fmt.tval common_name : t -> string optionval encode_der : t -> Cstruct.tval decode_der : contents:string -> t Core.Or_error.tOCSP.Requestval pp : t Fmt.tval validate :
- t ->
- ?allowed_hashes:Mirage_crypto.Hash.hash list ->
- X509.Public_key.t ->
- (unit,
- [> `Bad_encoding of X509.Distinguished_name.t * string * Cstruct.t
- | `Bad_signature of X509.Distinguished_name.t * string
- | `Hash_not_allowed of X509.Distinguished_name.t * Mirage_crypto.Hash.hash
- | `Msg of string
- | `No_signature
- | `Unsupported_algorithm of X509.Distinguished_name.t * string
- | `Unsupported_keytype of X509.Distinguished_name.t * X509.Public_key.t ])
- Stdlib.resultval requestor_name : t -> X509.General_name.b optionval cert_ids : t -> X509.OCSP.cert_id listval encode_der : t -> Cstruct.tval create :
- ?certs:Certificate.t list ->
- ?digest:Mirage_crypto.Hash.hash ->
- ?requestor_name:General_name.b ->
- ?key:Private_key.t ->
- cert_id list ->
- t Core.Or_error.tval decode_der : contents:string -> t Core.Or_error.tOCSP.Responseval pp_status : status Fmt.tval pp_cert_status : cert_status Fmt.tval create_single_response :
- ?next_update:Ptime.t ->
- ?single_extensions:X509.Extension.t ->
- X509.OCSP.cert_id ->
- cert_status ->
- Ptime.t ->
- single_responseval pp_single_response : single_response Fmt.tval single_response_cert_id : single_response -> X509.OCSP.cert_idval single_response_status : single_response -> cert_statusval create_responder_id : X509.Public_key.t -> responder_idval pp_responder_id : responder_id Fmt.tval create :
- [ `InternalError
- | `MalformedRequest
- | `SigRequired
- | `TryLater
- | `Unauthorized ] ->
- tval pp : t Fmt.tval responder_id : t -> (responder_id, [> `Msg of string ]) Stdlib.resultval encode_der : t -> Cstruct.tval validate :
- t ->
- ?allowed_hashes:Mirage_crypto.Hash.hash list ->
- ?now:Ptime.t ->
- X509.Public_key.t ->
- (unit,
- [> `Bad_encoding of X509.Distinguished_name.t * string * Cstruct.t
- | `Bad_signature of X509.Distinguished_name.t * string
- | `Hash_not_allowed of X509.Distinguished_name.t * Mirage_crypto.Hash.hash
- | `Msg of string
- | `No_signature
- | `Time_invalid
- | `Unsupported_algorithm of X509.Distinguished_name.t * string
- | `Unsupported_keytype of X509.Distinguished_name.t * X509.Public_key.t ])
- Stdlib.resultval create_success :
- ?digest:Mirage_crypto.Hash.hash ->
- ?certs:Certificate.t list ->
- ?response_extensions:Extension.t ->
- Private_key.t ->
- responder_id ->
- Ptime.t ->
- single_response list ->
- t Core.Or_error.tval responses : t -> single_response list Core.Or_error.tval decode_der : contents:string -> t Core.Or_error.tX509_async.OCSPval create_cert_id :
- ?hash:Mirage_crypto.Hash.hash ->
- X509.Certificate.t ->
- Z.t ->
- cert_idval cert_id_serial : cert_id -> Z.tval pp_cert_id : cert_id Fmt.tmodule Request : sig ... endmodule Response : sig ... endX509_async.PKCS12val encode_der : t -> Cstruct.tval create :
- ?mac:[ `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] ->
- ?algorithm:[ `AES128_CBC | `AES192_CBC | `AES256_CBC ] ->
- ?iterations:int ->
- string ->
- X509.Certificate.t list ->
- X509.Private_key.t ->
- tval decode_der : contents:string -> t Core.Or_error.tval verify :
- string ->
- t ->
- [ `Certificate of Certificate.t
- | `Crl of CRL.t
- | `Decrypted_private_key of Private_key.t
- | `Private_key of Private_key.t ]
- list
- Core.Or_error.tX509_async.Private_keyval generate : ?seed:Cstruct.t -> ?bits:int -> X509.Key_type.t -> tval of_cstruct :
- Cstruct.t ->
- X509.Key_type.t ->
- (t, [> `Msg of string ]) Stdlib.resultval of_string :
- ?seed_or_data:[ `Data | `Seed ] ->
- ?bits:int ->
- X509.Key_type.t ->
- string ->
- (t, [> `Msg of string ]) Stdlib.resultval key_type : t -> X509.Key_type.tval public : t -> X509.Public_key.tval encode_der : t -> Cstruct.tval encode_pem : t -> Cstruct.tval sign :
- Mirage_crypto.Hash.hash ->
- ?scheme:Key_type.signature_scheme ->
- t ->
- [ `Digest of Cstruct.t | `Message of Cstruct.t ] ->
- string Core.Or_error.tval decode_der : contents:string -> t Core.Or_error.tval decode_pem : contents:string -> t Core.Or_error.tval of_pem_file : Core.Filename.t -> t Async.Deferred.Or_error.tX509_async.Public_keyval pp : t Fmt.tval id : t -> Cstruct.tval fingerprint : ?hash:Mirage_crypto.Hash.hash -> t -> Cstruct.tval key_type : t -> X509.Key_type.tval encode_der : t -> Cstruct.tval encode_pem : t -> Cstruct.tval verify :
- Mirage_crypto.Hash.hash ->
- ?scheme:Key_type.signature_scheme ->
- signature:string ->
- t ->
- [ `Digest of string | `Message of string ] ->
- unit Core.Or_error.tval decode_der : contents:string -> t Core.Or_error.tval decode_pem : contents:string -> t Core.Or_error.tX509_async.Signing_requestval encode_der : t -> Cstruct.tval encode_pem : t -> Cstruct.tval info : t -> request_infoval signature_algorithm :
- t ->
- (X509.Key_type.signature_scheme * Mirage_crypto.Hash.hash) optionval hostnames : t -> X509.Host.Set.tval decode_der :
- ?allowed_hashes:Mirage_crypto.Hash.hash list ->
- string ->
- t Core.Or_error.tval decode_pem : string -> t Core.Or_error.tval create :
- Distinguished_name.t ->
- ?digest:Mirage_crypto.Hash.hash ->
- ?extensions:Ext.t ->
- Private_key.t ->
- t Core.Or_error.tval sign :
- ?allowed_hashes:Mirage_crypto.Hash.hash list ->
- ?digest:Mirage_crypto.Hash.hash ->
- ?serial:Z.t ->
- ?extensions:Extension.t ->
- t ->
- Private_key.t ->
- Distinguished_name.t ->
- valid_from:Ptime.t ->
- valid_until:Ptime.t ->
- Certificate.t Core.Or_error.tTls_async.X509_asyncHelper functions for Async_unix-specific IO operations commonly used with X509 certificates, such as loading from a Unix filesystem
module Authenticator : sig ... endmodule Private_key : sig ... endmodule Public_key : sig ... endmodule Certificate : sig ... endmodule Distinguished_name : sig ... endmodule CRL : sig ... endmodule OCSP : sig ... endmodule PKCS12 : sig ... endmodule Signing_request : sig ... endTls_asyncmodule Session : sig ... endLow-level API for working with TLS sessions. Most applications should use the high-level API below
module X509_async : sig ... endHelper functions for Async_unix-specific IO operations commonly used with X509 certificates, such as loading from a Unix filesystem
val listen :
- ?buffer_age_limit:Async.Writer.buffer_age_limit ->
- ?max_connections:int ->
- ?max_accepts_per_batch:int ->
- ?backlog:int ->
- ?socket:
- ([ `Unconnected ], [< Async.Socket.Address.t ] as 'address) Async.Socket.t ->
- on_handler_error:[ `Call of 'address -> exn -> unit | `Ignore | `Raise ] ->
- Tls.Config.server ->
- ('address, 'listening_on) Async.Tcp.Where_to_listen.t ->
- ('address ->
- Session.t ->
- Async.Reader.t ->
- Async.Writer.t ->
- unit Async.Deferred.t) ->
- ('address, 'listening_on) Async.Tcp.Server.t Async.Deferred.tlisten creates a Tcp.Server.t with the requested parameters, including those specified in Tls.Config.server. The handler function exposes the low-level Session.t to accommodate cases like interrogating a client certificate
type 'a tls_handler = Session.t -> 'a io_handlerval upgrade_server_handler :
- config:Tls.Config.server ->
- 'a tls_handler ->
- 'a io_handlerupgrade_server_handler is what listen calls to handle each client. It is exposed so that low-level end-users of the library can use tls-async inside of code that manages Tcp services directly.
The tls_handler argument will be called with the client Tls session, reader and writer to be used for cleartext data.
The outer reader and writer will read encrypted data from and write encrypted data to the connected socket.
val connect :
- ?socket:([ `Unconnected ], 'addr) Async.Socket.t ->
- (Tls.Config.client ->
- 'addr Async.Tcp.Where_to_connect.t ->
- host:[ `host ] Domain_name.t option ->
- (Session.t * Async.Reader.t * Async.Writer.t) Async.Deferred.Or_error.t)
- Async.Tcp.Aliases.with_connect_optionsconnect behaves similarly to Tcp.connect, exposing a cleartext reader and writer. Callers should ensure they close the Writer.t and wait for the unit Deferred.t returned by `Closed_and_flushed_downstream to completely shut down the TLS connection
host is used for peer name verification and should generally be provided. Passing None will disable peer name verification unless peer_name was provided in the Tls.Config.client. If both are present host overwrites peer_name.
The entry point of this library is the module: Tls_async.
Tls_lwt.UnixLow-level API
It is the responsibility of the client to handle error conditions. The underlying file descriptors are not closed.
val server_of_fd : Tls.Config.server -> Lwt_unix.file_descr -> t Lwt.tserver_of_fd server fd is t, after server-side TLS handshake of fd using server configuration.
val client_of_fd :
+Unix (tls-lwt.Tls_lwt.Unix) Module Tls_lwt.Unix
Low-level API
Unix API
It is the responsibility of the client to handle error conditions. The underlying file descriptors are not closed.
Constructors
val server_of_fd : Tls.Config.server -> Lwt_unix.file_descr -> t Lwt.tserver_of_fd server fd is t, after server-side TLS handshake of fd using server configuration.
val client_of_fd :
Tls.Config.client ->
?host:[ `host ] Domain_name.t ->
Lwt_unix.file_descr ->
diff --git a/doc/tls-lwt/Tls_lwt/index.html b/doc/tls-lwt/Tls_lwt/index.html
index 0ff903dd..605e2f3a 100644
--- a/doc/tls-lwt/Tls_lwt/index.html
+++ b/doc/tls-lwt/Tls_lwt/index.html
@@ -1,5 +1,5 @@
-Tls_lwt (tls-lwt.Tls_lwt) Module Tls_lwt
Effectful operations using Lwt for pure TLS.
The pure TLS is state and buffer in, state and buffer out. This module uses Lwt for communication over the network.
This module implements a high-level API and a low-level API (in Unix). Most applications should use the high-level API described below.
exception Tls_alert of Tls.Packet.alert_typeTls_alert exception received from the other endpoint
exception Tls_failure of Tls.Engine.failureTls_failure exception while processing incoming data
module Unix : sig ... endLow-level API
High-level API
val accept_ext :
+Tls_lwt (tls-lwt.Tls_lwt) Module Tls_lwt
Effectful operations using Lwt for pure TLS.
The pure TLS is state and buffer in, state and buffer out. This module uses Lwt for communication over the network.
This module implements a high-level API and a low-level API (in Unix). Most applications should use the high-level API described below.
exception Tls_alert of Tls.Packet.alert_typeTls_alert exception received from the other endpoint
exception Tls_failure of Tls.Engine.failureTls_failure exception while processing incoming data
module Unix : sig ... endLow-level API
High-level API
val accept_ext :
Tls.Config.server ->
Lwt_unix.file_descr ->
((ic * oc) * Lwt_unix.sockaddr) Lwt.taccept_ext server fd is (ic, oc), sockaddr, the input and output channel from an accepted connection on the given fd, after upgrading to TLS using the server configuration.
val accept :
diff --git a/doc/tls-lwt/X509_lwt/index.html b/doc/tls-lwt/X509_lwt/index.html
index e5f5fef5..73aec99b 100644
--- a/doc/tls-lwt/X509_lwt/index.html
+++ b/doc/tls-lwt/X509_lwt/index.html
@@ -1,5 +1,5 @@
-X509_lwt (tls-lwt.X509_lwt) Module X509_lwt
X.509 certificate handling using Lwt.
val private_of_pems :
+X509_lwt (tls-lwt.X509_lwt) Module X509_lwt
X.509 certificate handling using Lwt.
val private_of_pems :
cert:Lwt_io.file_name ->
priv_key:Lwt_io.file_name ->
Tls.Config.certchain Lwt.tprivate_of_pems ~cert ~priv_key is priv, after reading the private key and certificate chain from the given PEM-encoded files.
certs_of_pem file is certificates, which are read from the PEM-encoded file.
certs_of_pem_dir dir is certificates, which are read from all PEM-encoded files in dir.
val authenticator :
diff --git a/doc/tls-lwt/index.html b/doc/tls-lwt/index.html
index 3209abd8..c0ca7800 100644
--- a/doc/tls-lwt/index.html
+++ b/doc/tls-lwt/index.html
@@ -1,2 +1,2 @@
-index (tls-lwt.index) tls-lwt index
index (tls-lwt.index) tls-lwt index
Make (tls-mirage.Tls_mirage.Make) Module Tls_mirage.Make
TLS module given a flow
Parameters
Signature
type error = [ | `Tls_alert of Tls.Packet.alert_type| `Tls_failure of Tls.Engine.failure| `Read of F.error| `Write of F.write_error
]possible errors: incoming alert, processing failure, or a problem in the underlying flow.
The type for write errors.
we provide the FLOW interface
include Mirage_flow.S
+Make (tls-mirage.Tls_mirage.Make) Module Tls_mirage.Make
TLS module given a flow
Parameters
Signature
type error = [ | `Tls_alert of Tls.Packet.alert_type| `Tls_failure of Tls.Engine.failure| `Read of F.error| `Write of F.write_error
]possible errors: incoming alert, processing failure, or a problem in the underlying flow.
The type for write errors.
we provide the FLOW interface
include Mirage_flow.S
with type error := error
- and type write_error := write_error
val pp_error : error Fmt.tval pp_write_error : write_error Fmt.tval write : flow -> Cstruct.t -> (unit, write_error) Stdlib.result Lwt.tval writev : flow -> Cstruct.t list -> (unit, write_error) Stdlib.result Lwt.tval close : flow -> unit Lwt.tval underlying : flow -> F.flowunderlying t returns the underlying flow. This is useful to extract information such as src and dst of that flow.
val reneg :
+ and type write_error := write_errorval pp_error : error Fmt.tval pp_write_error : write_error Fmt.tval write : flow -> Cstruct.t -> (unit, write_error) Stdlib.result Lwt.tval writev : flow -> Cstruct.t list -> (unit, write_error) Stdlib.result Lwt.tval shutdown : flow -> [ `read | `read_write | `write ] -> unit Lwt.tval close : flow -> unit Lwt.tval underlying : flow -> F.flowunderlying t returns the underlying flow. This is useful to extract information such as src and dst of that flow.
val reneg :
?authenticator:X509.Authenticator.t ->
?acceptable_cas:X509.Distinguished_name.t list ->
?cert:Tls.Config.own_cert ->
diff --git a/doc/tls-mirage/Tls_mirage/X509/index.html b/doc/tls-mirage/Tls_mirage/X509/index.html
index af0b5228..a92b34c3 100644
--- a/doc/tls-mirage/Tls_mirage/X509/index.html
+++ b/doc/tls-mirage/Tls_mirage/X509/index.html
@@ -1,5 +1,5 @@
-X509 (tls-mirage.Tls_mirage.X509) Module Tls_mirage.X509
X.509 handling given a key value store and a clock
Parameters
Signature
val authenticator :
+X509 (tls-mirage.Tls_mirage.X509) Module Tls_mirage.X509
X.509 handling given a key value store and a clock
Parameters
Signature
val authenticator :
?allowed_hashes:Mirage_crypto.Hash.hash list ->
?crl:string ->
KV.t ->
diff --git a/doc/tls-mirage/Tls_mirage/index.html b/doc/tls-mirage/Tls_mirage/index.html
index 30e0e090..ae16221c 100644
--- a/doc/tls-mirage/Tls_mirage/index.html
+++ b/doc/tls-mirage/Tls_mirage/index.html
@@ -1,2 +1,2 @@
-Tls_mirage (tls-mirage.Tls_mirage) Module Tls_mirage
Effectful operations using Mirage for pure TLS.
Tls_mirage (tls-mirage.Tls_mirage) Module Tls_mirage
Effectful operations using Mirage for pure TLS.
index (tls-mirage.index) tls-mirage index
Library tls-mirage
The entry point of this library is the module: Tls_mirage.
+index (tls-mirage.index) tls-mirage index
Library tls-mirage
The entry point of this library is the module: Tls_mirage.
diff --git a/doc/tls/Tls/Ciphersuite/index.html b/doc/tls/Tls/Ciphersuite/index.html
index 97805084..39207cea 100644
--- a/doc/tls/Tls/Ciphersuite/index.html
+++ b/doc/tls/Tls/Ciphersuite/index.html
@@ -1,5 +1,5 @@
-Ciphersuite (tls.Tls.Ciphersuite) Module Tls.Ciphersuite
Ciphersuite definitions and some helper functions.
val pp_key_exchange_algorithm_dhe :
+Ciphersuite (tls.Tls.Ciphersuite) Module Tls.Ciphersuite
Ciphersuite definitions and some helper functions.
val pp_key_exchange_algorithm :
diff --git a/doc/tls/Tls/Config/Ciphers/index.html b/doc/tls/Tls/Config/Ciphers/index.html
index f253fa8c..0804037e 100644
--- a/doc/tls/Tls/Config/Ciphers/index.html
+++ b/doc/tls/Tls/Config/Ciphers/index.html
@@ -1,2 +1,2 @@
-Ciphers (tls.Tls.Config.Ciphers) Module Config.Ciphers
Cipher selection
Cipher selection related utilities.
Cipher selection
val default : Ciphersuite.ciphersuite listdefault is a list of ciphersuites this library uses by default.
val supported : Ciphersuite.ciphersuite listsupported is a list of ciphersuites this library supports (larger than default).
val fs : Ciphersuite.ciphersuite listfs is a list of ciphersuites which provide forward secrecy (sublist of default).
val http2 : Ciphersuite.ciphersuite listhttp2 is a list of ciphersuites which are allowed to be used with HTTP2: not a member of bad cipher suites. These are only ephemeral key exchanges with AEAD ciphers.
val fs_of : Ciphersuite.ciphersuite list -> Ciphersuite.ciphersuite listfs_of ciphers selects all ciphersuites which provide forward secrecy from ciphers.
+Ciphers (tls.Tls.Config.Ciphers) Module Config.Ciphers
Cipher selection
Cipher selection related utilities.
Cipher selection
val default : Ciphersuite.ciphersuite listdefault is a list of ciphersuites this library uses by default.
val supported : Ciphersuite.ciphersuite listsupported is a list of ciphersuites this library supports (larger than default).
val fs : Ciphersuite.ciphersuite listfs is a list of ciphersuites which provide forward secrecy (sublist of default).
val http2 : Ciphersuite.ciphersuite listhttp2 is a list of ciphersuites which are allowed to be used with HTTP2: not a member of bad cipher suites. These are only ephemeral key exchanges with AEAD ciphers.
val fs_of : Ciphersuite.ciphersuite list -> Ciphersuite.ciphersuite listfs_of ciphers selects all ciphersuites which provide forward secrecy from ciphers.
diff --git a/doc/tls/Tls/Config/index.html b/doc/tls/Tls/Config/index.html
index 669270b1..ca8d99b0 100644
--- a/doc/tls/Tls/Config/index.html
+++ b/doc/tls/Tls/Config/index.html
@@ -1,5 +1,5 @@
-Config (tls.Tls.Config) Module Tls.Config
Configuration of the TLS stack
Config type
certificate chain and private key of the first certificate
type own_cert = [ | `None| `Single of certchain| `Multiple of certchain list| `Multiple_default of certchain * certchain list
]polymorphic variant of own certificates
type session_cache = Core.SessionID.t -> Core.epoch_data optiontype ticket_cache = {lookup : Cstruct.t -> (Core.psk13 * Core.epoch_data) option;ticket_granted : Core.psk13 -> Core.epoch_data -> unit;lifetime : int32;timestamp : unit -> Ptime.t;
}type config = private {ciphers : Ciphersuite.ciphersuite list;(*ordered list (regarding preference) of supported cipher suites
*)protocol_versions : Core.tls_version * Core.tls_version;(*supported protocol versions (min, max)
*)signature_algorithms : Core.signature_algorithm list;(*ordered list of supported signature algorithms (regarding preference)
*)use_reneg : bool;(*endpoint should accept renegotiation requests
*)authenticator : X509.Authenticator.t option;(*optional X509 authenticator
*)peer_name : [ `host ] Domain_name.t option;(*optional name of other endpoint (used for SNI RFC4366)
*)own_certificates : own_cert;(*optional default certificate chain and other certificate chains
*)acceptable_cas : X509.Distinguished_name.t list;(*ordered list of acceptable certificate authorities
*)session_cache : session_cache;ticket_cache : ticket_cache option;cached_session : Core.epoch_data option;cached_ticket : (Core.psk13 * Core.epoch_data) option;alpn_protocols : string list;(*optional ordered list of accepted alpn_protocols
*)groups : Core.group list;(*the first FFDHE will be used for TLS 1.2 and below if a DHE ciphersuite is used
*)zero_rtt : int32;ip : Ipaddr.t option;
}configuration parameters
val ciphers13 : config -> Ciphersuite.ciphersuite13 listciphers13 config are the ciphersuites for TLS 1.3 in the configuration.
Constructors
val client :
+Config (tls.Tls.Config) Module Tls.Config
Configuration of the TLS stack
Config type
certificate chain and private key of the first certificate
type own_cert = [ | `None| `Single of certchain| `Multiple of certchain list| `Multiple_default of certchain * certchain list
]polymorphic variant of own certificates
type session_cache = Core.SessionID.t -> Core.epoch_data optiontype ticket_cache = {lookup : Cstruct.t -> (Core.psk13 * Core.epoch_data) option;ticket_granted : Core.psk13 -> Core.epoch_data -> unit;lifetime : int32;timestamp : unit -> Ptime.t;
}type config = private {ciphers : Ciphersuite.ciphersuite list;(*ordered list (regarding preference) of supported cipher suites
*)protocol_versions : Core.tls_version * Core.tls_version;(*supported protocol versions (min, max)
*)signature_algorithms : Core.signature_algorithm list;(*ordered list of supported signature algorithms (regarding preference)
*)use_reneg : bool;(*endpoint should accept renegotiation requests
*)authenticator : X509.Authenticator.t option;(*optional X509 authenticator
*)peer_name : [ `host ] Domain_name.t option;(*optional name of other endpoint (used for SNI RFC4366)
*)own_certificates : own_cert;(*optional default certificate chain and other certificate chains
*)acceptable_cas : X509.Distinguished_name.t list;(*ordered list of acceptable certificate authorities
*)session_cache : session_cache;ticket_cache : ticket_cache option;cached_session : Core.epoch_data option;cached_ticket : (Core.psk13 * Core.epoch_data) option;alpn_protocols : string list;(*optional ordered list of accepted alpn_protocols
*)groups : Core.group list;(*the first FFDHE will be used for TLS 1.2 and below if a DHE ciphersuite is used
*)zero_rtt : int32;ip : Ipaddr.t option;
}configuration parameters
val ciphers13 : config -> Ciphersuite.ciphersuite13 listciphers13 config are the ciphersuites for TLS 1.3 in the configuration.
Constructors
val client :
authenticator:X509.Authenticator.t ->
?peer_name:[ `host ] Domain_name.t ->
?ciphers:Ciphersuite.ciphersuite list ->
diff --git a/doc/tls/Tls/Core/PreSharedKeyID/index.html b/doc/tls/Tls/Core/PreSharedKeyID/index.html
index 306f43d2..b3fe2f02 100644
--- a/doc/tls/Tls/Core/PreSharedKeyID/index.html
+++ b/doc/tls/Tls/Core/PreSharedKeyID/index.html
@@ -1,2 +1,2 @@
-PreSharedKeyID (tls.Tls.Core.PreSharedKeyID) Module Core.PreSharedKeyID
PreSharedKeyID (tls.Tls.Core.PreSharedKeyID) Module Core.PreSharedKeyID
SessionID (tls.Tls.Core.SessionID) Module Core.SessionID
SessionID (tls.Tls.Core.SessionID) Module Core.SessionID
Tracing (tls.Tls.Core.Tracing) Module Core.Tracing
include Logs.LOG
val on_error :
+Tracing (tls.Tls.Core.Tracing) Module Core.Tracing
include Logs.LOG
val on_error :
?level:Logs.level ->
?header:string ->
?tags:Logs.Tag.set ->
diff --git a/doc/tls/Tls/Core/index.html b/doc/tls/Tls/Core/index.html
index 658cdcea..bc4d96fe 100644
--- a/doc/tls/Tls/Core/index.html
+++ b/doc/tls/Tls/Core/index.html
@@ -1,5 +1,5 @@
-Core (tls.Tls.Core) Module Tls.Core
Core type definitions
val let* :
+Core (tls.Tls.Core) Module Tls.Core
Core type definitions
type client_extension = [ | `Hostname of [ `host ] Domain_name.t| `MaxFragmentLength of Packet.max_fragment_length| `SupportedGroups of Packet.named_group list| `SecureRenegotiation of Cstruct.t| `Padding of int| `SignatureAlgorithms of signature_algorithm list| `ExtendedMasterSecret| `ALPN of string list| `EarlyDataIndication| `SupportedVersions of tls_any_version list| `PostHandshakeAuthentication| `Cookie of Cstruct.t| `PskKeyExchangeModes of Packet.psk_key_exchange_mode list| `ECPointFormats| `UnknownExtension of int * Cstruct.t
]type server_extension = [ | server13_extension| `Hostname| `MaxFragmentLength of Packet.max_fragment_length| `SecureRenegotiation of Cstruct.t| `ExtendedMasterSecret| `ALPN of string| `ECPointFormats| `UnknownExtension of int * Cstruct.t
]type encrypted_extension = [ | `Hostname| `MaxFragmentLength of Packet.max_fragment_length| `SupportedGroups of group list| `ALPN of string| `EarlyDataIndication| `UnknownExtension of int * Cstruct.t
]type hello_retry_extension = [ | `SelectedGroup of group| `Cookie of Cstruct.t| `SelectedVersion of tls_version| `UnknownExtension of int * Cstruct.t
]type client_hello = {client_version : tls_any_version;client_random : Cstruct.t;sessionid : SessionID.t option;ciphersuites : Packet.any_ciphersuite list;extensions : client_extension list;
}type server_hello = {server_version : tls_version;server_random : Cstruct.t;sessionid : SessionID.t option;ciphersuite : Ciphersuite.ciphersuite;extensions : server_extension list;
}type hello_retry = {retry_version : tls_version;ciphersuite : Ciphersuite.ciphersuite13;sessionid : SessionID.t option;selected_group : group;extensions : hello_retry_extension list;
}type session_ticket = {lifetime : int32;age_add : int32;nonce : Cstruct.t;ticket : Cstruct.t;extensions : session_ticket_extension list;
}type certificate_request_extension = [ | `SignatureAlgorithms of signature_algorithm list| `CertificateAuthorities of X509.Distinguished_name.t list| `UnknownExtension of int * Cstruct.t
]type tls_handshake = | HelloRequest| HelloRetryRequest of hello_retry| EncryptedExtensions of encrypted_extension list| ServerHelloDone| ClientHello of client_hello| ServerHello of server_hello| Certificate of Cstruct.t| ServerKeyExchange of Cstruct.t| CertificateRequest of Cstruct.t| ClientKeyExchange of Cstruct.t| CertificateVerify of Cstruct.t| Finished of Cstruct.t| SessionTicket of session_ticket| KeyUpdate of Packet.key_update_request_type| EndOfEarlyData
val pp_handshake : Stdlib.Format.formatter -> tls_handshake -> unitmodule Tracing : sig ... endtype tls_alert = Packet.alert_level * Packet.alert_typetype epoch_data = {side : [ `Client | `Server ];state : epoch_state;protocol_version : tls_version;ciphersuite : Ciphersuite.ciphersuite;peer_random : Cstruct.t;peer_certificate_chain : X509.Certificate.t list;peer_certificate : X509.Certificate.t option;peer_name : [ `host ] Domain_name.t option;trust_anchor : X509.Certificate.t option;received_certificates : X509.Certificate.t list;own_random : Cstruct.t;own_certificate : X509.Certificate.t list;own_private_key : X509.Private_key.t option;own_name : [ `host ] Domain_name.t option;master_secret : master_secret;exporter_master_secret : master_secret;session_id : SessionID.t;extended_ms : bool;alpn_protocol : string option;
}information about an open session
type client_extension = [ | `Hostname of [ `host ] Domain_name.t| `MaxFragmentLength of Packet.max_fragment_length| `SupportedGroups of Packet.named_group list| `SecureRenegotiation of Cstruct.t| `Padding of int| `SignatureAlgorithms of signature_algorithm list| `ExtendedMasterSecret| `ALPN of string list| `EarlyDataIndication| `SupportedVersions of tls_any_version list| `PostHandshakeAuthentication| `Cookie of Cstruct.t| `PskKeyExchangeModes of Packet.psk_key_exchange_mode list| `ECPointFormats| `UnknownExtension of int * Cstruct.t
]type server_extension = [ | server13_extension| `Hostname| `MaxFragmentLength of Packet.max_fragment_length| `SecureRenegotiation of Cstruct.t| `ExtendedMasterSecret| `ALPN of string| `ECPointFormats| `UnknownExtension of int * Cstruct.t
]type encrypted_extension = [ | `Hostname| `MaxFragmentLength of Packet.max_fragment_length| `SupportedGroups of group list| `ALPN of string| `EarlyDataIndication| `UnknownExtension of int * Cstruct.t
]type hello_retry_extension = [ | `SelectedGroup of group| `Cookie of Cstruct.t| `SelectedVersion of tls_version| `UnknownExtension of int * Cstruct.t
]type client_hello = {client_version : tls_any_version;client_random : Cstruct.t;sessionid : SessionID.t option;ciphersuites : Packet.any_ciphersuite list;extensions : client_extension list;
}type server_hello = {server_version : tls_version;server_random : Cstruct.t;sessionid : SessionID.t option;ciphersuite : Ciphersuite.ciphersuite;extensions : server_extension list;
}type hello_retry = {retry_version : tls_version;ciphersuite : Ciphersuite.ciphersuite13;sessionid : SessionID.t option;selected_group : group;extensions : hello_retry_extension list;
}type session_ticket = {lifetime : int32;age_add : int32;nonce : Cstruct.t;ticket : Cstruct.t;extensions : session_ticket_extension list;
}type certificate_request_extension = [ | `SignatureAlgorithms of signature_algorithm list| `CertificateAuthorities of X509.Distinguished_name.t list| `UnknownExtension of int * Cstruct.t
]type tls_handshake = | HelloRequest| HelloRetryRequest of hello_retry| EncryptedExtensions of encrypted_extension list| ServerHelloDone| ClientHello of client_hello| ServerHello of server_hello| Certificate of Cstruct.t| ServerKeyExchange of Cstruct.t| CertificateRequest of Cstruct.t| ClientKeyExchange of Cstruct.t| CertificateVerify of Cstruct.t| Finished of Cstruct.t| SessionTicket of session_ticket| KeyUpdate of Packet.key_update_request_type| EndOfEarlyData
val pp_handshake : Stdlib.Format.formatter -> tls_handshake -> unitmodule Tracing : sig ... endtype tls_alert = Packet.alert_level * Packet.alert_typetype epoch_data = {side : [ `Client | `Server ];state : epoch_state;protocol_version : tls_version;ciphersuite : Ciphersuite.ciphersuite;peer_random : Cstruct.t;peer_certificate_chain : X509.Certificate.t list;peer_certificate : X509.Certificate.t option;peer_name : [ `host ] Domain_name.t option;trust_anchor : X509.Certificate.t option;received_certificates : X509.Certificate.t list;own_random : Cstruct.t;own_certificate : X509.Certificate.t list;own_private_key : X509.Private_key.t option;own_name : [ `host ] Domain_name.t option;master_secret : master_secret;exporter_master_secret : master_secret;session_id : SessionID.t;extended_ms : bool;alpn_protocol : string option;tls_unique : Cstruct.t option;
}information about an open session
val supports_key_usage :
?not_present:bool ->
X509.Extension.key_usage ->
X509.Certificate.t ->
diff --git a/doc/tls/Tls/Crypto/Ciphers/index.html b/doc/tls/Tls/Crypto/Ciphers/index.html
index 11e95863..fc7bd6af 100644
--- a/doc/tls/Tls/Crypto/Ciphers/index.html
+++ b/doc/tls/Tls/Crypto/Ciphers/index.html
@@ -1,5 +1,5 @@
-Ciphers (tls.Tls.Crypto.Ciphers) Module Crypto.Ciphers
val get_block : Ciphersuite.block_cipher -> keyedval get_aead : Ciphersuite.aead_cipher -> aead_keyedval get_aead_cipher :
+Ciphers (tls.Tls.Crypto.Ciphers) Module Crypto.Ciphers
val get_block : Ciphersuite.block_cipher -> keyedval get_aead : Ciphersuite.aead_cipher -> aead_keyedval get_aead_cipher :
secret:Cstruct.t ->
nonce:State.nonce ->
Ciphersuite.aead_cipher ->
diff --git a/doc/tls/Tls/Crypto/index.html b/doc/tls/Tls/Crypto/index.html
index e3b63b65..5aeb0af7 100644
--- a/doc/tls/Tls/Crypto/index.html
+++ b/doc/tls/Tls/Crypto/index.html
@@ -1,5 +1,5 @@
-Crypto (tls.Tls.Crypto) Module Tls.Crypto
val dh_params_pack :
+Crypto (tls.Tls.Crypto) Module Tls.Crypto
val dh_params_pack :
Mirage_crypto_pk.Dh.group ->
Cstruct.t ->
Core.dh_parametersval dh_params_unpack :
diff --git a/doc/tls/Tls/Engine/index.html b/doc/tls/Tls/Engine/index.html
index 15554e5b..8d83199e 100644
--- a/doc/tls/Tls/Engine/index.html
+++ b/doc/tls/Tls/Engine/index.html
@@ -1,5 +1,5 @@
-Engine (tls.Tls.Engine) Module Tls.Engine
Transport layer security
TLS is an implementation of transport layer security in OCaml. TLS is a widely used security protocol which establishes an end-to-end secure channel (with optional (mutual) authentication) between two endpoints. It uses TCP/IP as transport. This library supports all four versions of TLS: 1.3, RFC8446, 1.2, RFC5246, 1.1, RFC4346, and 1.0, RFC2246. SSL, the previous protocol definition, is not supported.
TLS is algorithmically agile: protocol version, key exchange algorithm, symmetric cipher, and message authentication code are negotiated upon connection.
This library implements several extensions of TLS, AES ciphers, TLS extensions (such as server name indication, SNI), Renegotiation extension, Session Hash and Extended Master Secret Extension.
This library does not contain insecure cipher suites (such as single DES, export ciphers, ...). It does not expose the server time in the server random, requires secure renegotiation.
This library consists of a core, implemented in a purely functional matter (Engine, this module), and effectful parts: Tls_lwt and Tls_mirage.
v0.17.4
Abstract state type
Constructors
val client : Config.client -> state * Cstruct.tclient client is tls * out where tls is the initial state, and out the initial client hello
val server : Config.server -> stateserver server is tls where tls is the initial server state
Protocol failures
type error = [ | `AuthenticationFailure of X509.Validation.validation_error| `NoConfiguredCiphersuite of Ciphersuite.ciphersuite list| `NoConfiguredVersions of Core.tls_version list| `NoConfiguredSignatureAlgorithm of Core.signature_algorithm list| `NoMatchingCertificateFound of string| `NoCertificateConfigured| `CouldntSelectCertificate
]failures which can be mitigated by reconfiguration
type client_hello_errors = [ | `EmptyCiphersuites| `NotSetCiphersuites of Packet.any_ciphersuite list| `NoSupportedCiphersuite of Packet.any_ciphersuite list| `NotSetExtension of Core.client_extension list| `NoSignatureAlgorithmsExtension| `NoGoodSignatureAlgorithms of Core.signature_algorithm list| `NoSupportedGroupExtension| `NotSetSupportedGroup of Packet.named_group list
export_key_material epoch_data ?context label length is the RFC 5705 exported key material of length bytes using label and, if provided, context.
val channel_binding :
+ Core.epoch_data ->
+ [ `Tls_exporter | `Tls_unique | `Tls_server_endpoint ] ->
+ (Cstruct.t, [ `Msg of string ]) Stdlib.resultchannel_binding epoch_data mode is the RFC 5929 and RFC 9266 specified channel binding. Please note that `Tls_unique will error for TLS 1.3 sessions, and `Tls_exporter is not recommended for TLS < 1.3 sessions (unless the uniqueness is ensured via another path).
diff --git a/doc/tls/Tls/Explorator/index.html b/doc/tls/Tls/Explorator/index.html
index 82da47e5..15bab10b 100644
--- a/doc/tls/Tls/Explorator/index.html
+++ b/doc/tls/Tls/Explorator/index.html
@@ -1,2 +1,2 @@
-Explorator (tls.Tls.Explorator) Module Tls.Explorator
Explorator (tls.Tls.Explorator) Module Tls.Explorator
Handshake_client (tls.Tls.Handshake_client) Module Tls.Handshake_client
val default_client_hello :
+Handshake_client (tls.Tls.Handshake_client) Module Tls.Handshake_client
val default_client_hello :
Config.config ->
Core.client_hello * Core.tls_version * (Core.group * State.dh_secret) listval handle_change_cipher_spec :
State.client_handshake_state ->
diff --git a/doc/tls/Tls/Handshake_client13/index.html b/doc/tls/Tls/Handshake_client13/index.html
index 98360ea4..7a15810b 100644
--- a/doc/tls/Tls/Handshake_client13/index.html
+++ b/doc/tls/Tls/Handshake_client13/index.html
@@ -1,5 +1,5 @@
-Handshake_client13 (tls.Tls.Handshake_client13) Module Tls.Handshake_client13
val answer_server_hello :
+Handshake_client13 (tls.Tls.Handshake_client13) Module Tls.Handshake_client13
val answer_server_hello :
State.handshake_state ->
Core.client_hello ->
Core.server_hello ->
diff --git a/doc/tls/Tls/Handshake_common/Group/index.html b/doc/tls/Tls/Handshake_common/Group/index.html
index e973b447..08f837b0 100644
--- a/doc/tls/Tls/Handshake_common/Group/index.html
+++ b/doc/tls/Tls/Handshake_common/Group/index.html
@@ -1,2 +1,2 @@
-Group (tls.Tls.Handshake_common.Group) Module Handshake_common.Group
type t = Packet.named_group
+Group (tls.Tls.Handshake_common.Group) Module Handshake_common.Group
type t = Packet.named_group
diff --git a/doc/tls/Tls/Handshake_common/GroupSet/index.html b/doc/tls/Tls/Handshake_common/GroupSet/index.html
index 376b0fac..22212bae 100644
--- a/doc/tls/Tls/Handshake_common/GroupSet/index.html
+++ b/doc/tls/Tls/Handshake_common/GroupSet/index.html
@@ -1,2 +1,2 @@
-GroupSet (tls.Tls.Handshake_common.GroupSet) Module Handshake_common.GroupSet
GroupSet (tls.Tls.Handshake_common.GroupSet) Module Handshake_common.GroupSet
Handshake_common (tls.Tls.Handshake_common) Module Tls.Handshake_common
val trace_cipher :
+Handshake_common (tls.Tls.Handshake_common) Module Tls.Handshake_common
val trace_cipher :
[< `AES_128_CCM_SHA256
| `AES_128_GCM_SHA256
| `AES_256_GCM_SHA384
diff --git a/doc/tls/Tls/Handshake_crypto/index.html b/doc/tls/Tls/Handshake_crypto/index.html
index 07fd00c8..264d8504 100644
--- a/doc/tls/Tls/Handshake_crypto/index.html
+++ b/doc/tls/Tls/Handshake_crypto/index.html
@@ -1,5 +1,5 @@
-Handshake_crypto (tls.Tls.Handshake_crypto) Module Tls.Handshake_crypto
val derive_master_secret :
+Handshake_crypto (tls.Tls.Handshake_crypto) Module Tls.Handshake_crypto
val derive_master_secret :
Core.tls_before_13 ->
State.session_data ->
Cstruct.t ->
diff --git a/doc/tls/Tls/Handshake_crypto13/index.html b/doc/tls/Tls/Handshake_crypto13/index.html
index 47a1a7bf..e33a9606 100644
--- a/doc/tls/Tls/Handshake_crypto13/index.html
+++ b/doc/tls/Tls/Handshake_crypto13/index.html
@@ -1,5 +1,5 @@
-Handshake_crypto13 (tls.Tls.Handshake_crypto13) Module Tls.Handshake_crypto13