TLS is only supported by HsOpenSSL #276

Open
technotive opened this issue Apr 5, 2018 · 3 comments
@technotive

I have seen too many hacky solutions to get HsOpenSSL working under Windows. Instead of arguing why HsOpenSSL is still a good choice (on Linux I am sure it's not quite as cumbersome), could we maybe get an option to swap it with https://hackage.haskell.org/package/tls ?

@mightybyte
Member

The tls package brings with it a significantly bigger dependency tree than HsOpenSSL, so I'm reluctant to make that switch because that would bring a sizable amount of risk. Also, in practice people usually tend to use a third-party proxy like nginx to handle SSL support. What is it about HsOpenSSL that is harder to get working on Windows than tls?

@technotive
Author

technotive commented Apr 5, 2018

HsOpenSSL directly depends on the dev libraries of OpenSSL (on Debian flavours: apt-get install openssl-dev, I think). However, HsOpenSSL expects a certain format for the includes and libraries (specific names and such), so even getting a version for Windows like this one does not work unless it is exactly as HsOpenSSL expects it to be (unless you manually compile HsOpenSSL with modified dependencies).

While some of the given solutions (like the manual compile) might work, suppose I want to upgrade my OpenSSL version to patch something up (worst case scenario, some other heartbeat level trouble): I would have to go all the way back and get a new OpenSSL for Windows, then recompile HsOpenSSL, then recompile my own project, every time...

Actually, having written this, my trouble could be solved in another way:
If I can somehow stub or fake having HsOpenSSL on Windows, just for testing purposes, that would be good because then at least I would know that TLS once I upload it and start using it for real.

p.s.
This whole search started with me trying to figure out how to check if Snap supported TLS1.2 and just not getting any SSL working at all.

EDIT: Thanks for the tip about nginx, btw. I had not considered it yet since it seemed cool to have everything in one package (not looking to build a big site as of yet).

@mulderr
Contributor

mulderr commented Apr 12, 2018

Just to make it super clear, you don't necessarily need a big site to use a reverse proxy. I have an app for just a few internal users but in production I still run it from behind nginx. It's really straightforward to set up, lightweight and you get a lot of flexibility for free - for example you can serve static resources directly.
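
The reverse-proxy setup suggested in this thread, sketched as an added nginx configuration that is not from any participant or from the Snap project. The hostname, certificate paths, static directory and backend address `127.0.0.1:8000` are assumptions; the Snap application is assumed to listen on plain HTTP on loopback only, so nginx is the sole TLS endpoint.

```nginx
# Added example: nginx terminates TLS, the Snap app stays plain HTTP on loopback.
# Hostname, file paths and the backend port below are assumptions/placeholders.

server {
    listen 80;
    server_name app.example.internal;            # placeholder hostname
    return 301 https://$host$request_uri;        # send plaintext clients to HTTPS
}

server {
    listen 443 ssl;
    server_name app.example.internal;

    # Placeholder certificate chain and private key.
    ssl_certificate     /etc/nginx/tls/app.example.internal.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.internal.key;

    # Accept TLS 1.2 and newer only; older protocol versions are refused.
    # TLSv1.3 requires nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Static resources are served by nginx directly and never reach the app.
    location /static/ {
        alias /srv/app/static/;                  # assumed static directory
    }

    # Everything else is forwarded to the application on loopback.
    # The backend must not be bound to a public interface, otherwise
    # clients could bypass TLS by talking to it directly.
    location / {
        proxy_pass http://127.0.0.1:8000;        # assumed backend address
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running `nginx -t` validates the file before a reload, and `openssl s_client -connect app.example.internal:443 -tls1_2` confirms that the proxy negotiates TLS 1.2. With this layout an OpenSSL upgrade only touches the nginx host, and the application binary does not need to link against OpenSSL at all.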
