Merge pull request #168 from vdukhovni/enable-sha384-ciphers

Enable sha384 ciphers

core/Network/TLS/Cipher.hs

@@ -125,6 +125,7 @@ data Cipher = Cipher
     , cipherBulk         :: Bulk
     , cipherKeyExchange  :: CipherKeyExchangeType
     , cipherMinVer       :: Maybe Version
+    , cipherPRFHash      :: Maybe Hash
     }
 
 cipherKeyBlockSize :: Cipher -> Int

core/Network/TLS/Context.hs

@@ -122,13 +122,16 @@ instance TLSParams ServerParams where
                         CipherKeyExchange_DHE_RSA     -> canSignRSA && canDHE
                         CipherKeyExchange_DHE_DSS     -> canSignDSS && canDHE
                         CipherKeyExchange_ECDHE_RSA   -> canSignRSA
-                        -- unimplemented: non ephemeral DH
+                        -- unimplemented: EC
+                        CipherKeyExchange_ECDHE_ECDSA -> False
+                        -- unimplemented: non ephemeral DH & ECDH.
+                        -- Note, these *should not* be implemented, and have
+                        -- (for example) been removed in OpenSSL 1.1.0
+                        --
                         CipherKeyExchange_DH_DSS      -> False
                         CipherKeyExchange_DH_RSA      -> False
-                        -- unimplemented: EC
                         CipherKeyExchange_ECDH_ECDSA  -> False
                         CipherKeyExchange_ECDH_RSA    -> False
-                        CipherKeyExchange_ECDHE_ECDSA -> False
 
                 canDHE        = isJust $ serverDHEParams sparams
                 canSignDSS    = SignatureDSS `elem` signingAlgs

core/Network/TLS/Extension.hs

@@ -270,7 +270,7 @@ data BrainPoolCurve =
     deriving (Show,Eq)
 
 availableEllipticCurves :: [NamedCurve]
-availableEllipticCurves = [SEC SEC_p256r1, SEC SEC_p521r1]
+availableEllipticCurves = [SEC SEC_p256r1, SEC SEC_p384r1, SEC SEC_p521r1]
 
 instance EnumSafe16 NamedCurve where
     fromEnumSafe16 NamedCurve_arbitrary_explicit_prime_curves = 0xFF01