From 3e7aea986be978f9e4732b6e85249779d62c661f Mon Sep 17 00:00:00 2001
From: Evgeny Poberezkin
Date: Tue, 2 Sep 2025 08:49:45 +0100
Subject: [PATCH 1/5] upgrade tls
---
 cabal.project | 2 +-
 simplexmq.cabal | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/cabal.project b/cabal.project
index 924f09c9e..011caed1e 100644
--- a/cabal.project
+++ b/cabal.project
@@ -13,7 +13,7 @@ packages: .
 -- coverage: False
 -- library-coverage: False
-index-state: 2023-12-12T00:00:00Z
+index-state: 2025-07-01T00:00:00Z
 package cryptostore
 flags: +use_crypton
diff --git a/simplexmq.cabal b/simplexmq.cabal
index cdbd72c52..5e436f8db 100644
--- a/simplexmq.cabal
+++ b/simplexmq.cabal
@@ -1,7 +1,7 @@
 cabal-version: 1.12
 name: simplexmq
-version: 6.4.5.0
+version: 6.4.4.1
 synopsis: SimpleXMQ message broker
 description: This package includes <./docs/Simplex-Messaging-Server.html server>,
 <./docs/Simplex-Messaging-Client.html client> and
@@ -319,7 +319,7 @@ library
 , stm ==2.5.*
 , time ==1.12.*
 , time-manager ==0.0.*
- , tls >=1.9.0 && <1.10
+ , tls ==2.1.8.*
 , transformers ==0.6.*
 , unliftio ==0.2.*
 , unliftio-core ==0.2.*
From 5ab13ad401eeb48a7e3b7f599bcd1561c11f8de1 Mon Sep 17 00:00:00 2001
From: Evgeny Poberezkin
Date: Tue, 2 Sep 2025 10:00:58 +0100
Subject: [PATCH 2/5] upgrade tls package to 2.1.8
---
 src/Simplex/Messaging/Transport.hs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/Simplex/Messaging/Transport.hs b/src/Simplex/Messaging/Transport.hs
index 0b2eb3b75..1c00ec261 100644
--- a/src/Simplex/Messaging/Transport.hs
+++ b/src/Simplex/Messaging/Transport.hs
@@ -132,6 +132,7 @@ import GHC.IO.Handle.Internals (ioe_EOF)
 import Network.Socket
 import qualified Network.TLS as T
 import qualified Network.TLS.Extra as TE
+import qualified Network.TLS.Internal as TI
 import qualified Paths_simplexmq as SMQ
 import qualified Simplex.Messaging.Crypto as C
 import Simplex.Messaging.Encoding
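Review bot: Moving `index-state` from 2023-12-12 to 2025-07-01 in the cabal.project hunk re-resolves every dependency whose bound in simplexmq.cabal admits more than one version, not only tls, so this one-line change can move a large part of the build plan at once. No freeze file is visible in this patch; if the project does not commit one, compare the output of `cabal build --dry-run` before and after and review the packages that changed version, in particular the crypton and x509 packages the TLS stack depends on. A comment beside the line, for example `-- advanced for tls 2.x; resulting build plan reviewed`, would record that this was done.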
@@ -369,7 +370,7 @@ getTLS cfg tlsCertSent tlsPeerCert cxt = withTlsUnique @TLS @p cxt newTLS
 withTlsUnique :: forall c p. TransportPeerI p => T.Context -> (ByteString -> IO (c p)) -> IO (c p)
 withTlsUnique cxt f = cxtFinished cxt
- >>= maybe (closeTLS cxt >> ioe_EOF) f
+ >>= maybe (closeTLS cxt >> ioe_EOF) (\(TI.VerifyData d) -> f d)
 where
 cxtFinished = case sTransportPeer @p of
 STServer -> T.getPeerFinished
@@ -386,8 +387,8 @@ defaultSupportedParams =
 def
 { T.supportedVersions = [T.TLS13, T.TLS12],
 T.supportedCiphers =
- [ TE.cipher_TLS13_CHACHA20POLY1305_SHA256, -- for TLS13
- TE.cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 -- for TLS12
+ [ TE.cipher13_CHACHA20_POLY1305_SHA256, -- for TLS13
+ TE.cipher_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -- for TLS12
 ],
 T.supportedHashSignatures = [(T.HashIntrinsic, T.SignatureEd448), (T.HashIntrinsic, T.SignatureEd25519)],
 T.supportedGroups = [T.X448, T.X25519],
From b47b3ad47dcb4066561fecd74ff3e43848a96cf5 Mon Sep 17 00:00:00 2001
From: Evgeny Poberezkin
Date: Tue, 2 Sep 2025 12:19:01 +0100
Subject: [PATCH 3/5] 2.1.6
---
 simplexmq.cabal | 2 +-
 src/Simplex/Messaging/Transport.hs | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/simplexmq.cabal b/simplexmq.cabal
index 5e436f8db..b1932ffaf 100644
--- a/simplexmq.cabal
+++ b/simplexmq.cabal
@@ -319,7 +319,7 @@ library
 , stm ==2.5.*
 , time ==1.12.*
 , time-manager ==0.0.*
- , tls ==2.1.8.*
+ , tls ==2.1.6.*
 , transformers ==0.6.*
 , unliftio ==0.2.*
 , unliftio-core ==0.2.*
diff --git a/src/Simplex/Messaging/Transport.hs b/src/Simplex/Messaging/Transport.hs
index 1c00ec261..a95b68280 100644
--- a/src/Simplex/Messaging/Transport.hs
+++ b/src/Simplex/Messaging/Transport.hs
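Review bot: The new lambda `\(TI.VerifyData d) -> f d` in withTlsUnique pattern-matches on a constructor imported from `Network.TLS.Internal` (the import is added in the first hunk of this file), and an internal module by convention carries no API stability promise. The bytes unwrapped here appear to be the handshake Finished data that the transport uses as the session's unique binding, so a silent change in that type is security-relevant, and the later patches in this series move the tls bound to 2.1.6 and 2.1.11 without touching this line. I would add a comment above the bind, `-- VerifyData comes from Network.TLS.Internal in the pinned tls; re-check this unwrapping on every tls upgrade`, and switch to a public accessor if the pinned release offers one. The where-clause of withTlsUnique continues past the end of the hunk.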
@@ -387,8 +387,8 @@ defaultSupportedParams =
 def
 { T.supportedVersions = [T.TLS13, T.TLS12],
 T.supportedCiphers =
- [ TE.cipher13_CHACHA20_POLY1305_SHA256, -- for TLS13
- TE.cipher_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -- for TLS12
+ [ TE.cipher_TLS13_CHACHA20POLY1305_SHA256, -- for TLS13
+ TE.cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 -- for TLS12
 ],
 T.supportedHashSignatures = [(T.HashIntrinsic, T.SignatureEd448), (T.HashIntrinsic, T.SignatureEd25519)],
 T.supportedGroups = [T.X448, T.X25519],
From 9ff8c48862644ed36fe6b4313b81275a9aca7b98 Mon Sep 17 00:00:00 2001
From: Evgeny Poberezkin
Date: Sun, 7 Sep 2025 10:33:42 +0100
Subject: [PATCH 4/5] test 2.1.11
---
 cabal.project | 6 ++++++
 simplexmq.cabal | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/cabal.project b/cabal.project
index 011caed1e..d7d2d5167 100644
--- a/cabal.project
+++ b/cabal.project
@@ -51,3 +51,9 @@ source-repository-package
 location: https://github.com/simplex-chat/wai.git
 tag: 2f6e5aa5f05ba9140ac99e195ee647b4f7d926b0
 subdir: warp
+
+source-repository-package
+ type: git
+ location: https://github.com/kazu-yamamoto/hs-tls.git
+ tag: b76cc18fbcc6edaec27c6727377b603fa9cf59ae
+ subdir: tls
diff --git a/simplexmq.cabal b/simplexmq.cabal
index f72c9cc7d..007610745 100644
--- a/simplexmq.cabal
+++ b/simplexmq.cabal
@@ -293,7 +293,7 @@ library
 , composition ==1.0.*
 , constraints >=0.12 && <0.14
 , containers ==0.6.*
- , crypton ==0.34.*
+ , crypton ==1.0.*
 , crypton-x509 ==1.7.*
 , crypton-x509-store ==1.6.*
 , crypton-x509-validation ==1.6.*
@@ -319,7 +319,7 @@ library
 , stm ==2.5.*
 , time ==1.12.*
 , time-manager ==0.0.*
- , tls ==2.1.6.*
+ , tls ==2.1.11.*
 , transformers ==0.6.*
 , unliftio ==0.2.*
 , unliftio-core ==0.2.*
From cdd2edb11fb56db9059173af20766c0d3928205d Mon Sep 17 00:00:00 2001
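Review bot: The `source-repository-package` stanza added to cabal.project makes the build take the tls package from a git checkout instead of the Hackage release, and nothing in the stanza says why or for how long. Pinning by full commit hash keeps the input immutable, which is good, but the `tls ==2.1.11.*` bound in simplexmq.cabal is then checked only against the version field declared in that checkout, so it no longer guarantees the published 2.1.11 code. Since the subject says "test 2.1.11", I would add a comment above the stanza such as `-- TEMPORARY: tls built from git for testing; return to the Hackage release before merging`, so the override cannot reach a release build unnoticed.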
From: Evgeny Poberezkin
Date: Sun, 7 Sep 2025 12:31:08 +0100
Subject: [PATCH 5/5] bisecting tls 2.1.6-2.1.7
---
 cabal.project | 6 ++++--
 simplexmq.cabal | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/cabal.project b/cabal.project
index d7d2d5167..78e1e14d3 100644
--- a/cabal.project
+++ b/cabal.project
@@ -54,6 +54,8 @@ source-repository-package
 source-repository-package
 type: git
- location: https://github.com/kazu-yamamoto/hs-tls.git
- tag: b76cc18fbcc6edaec27c6727377b603fa9cf59ae
+ location: https://github.com/haskell-tls/hs-tls.git
+ tag: 7f060799ea762c5d7ff058d264dae5f0294fac79
+-- passes 7f060799ea762c5d7ff058d264dae5f0294fac79
+-- fails 1927590272ada1e0a32c29ca29ae9cc8d5ed3595
 subdir: tls
diff --git a/simplexmq.cabal b/simplexmq.cabal
index 007610745..71e23b666 100644
--- a/simplexmq.cabal
+++ b/simplexmq.cabal
@@ -319,7 +319,7 @@ library
 , stm ==2.5.*
 , time ==1.12.*
 , time-manager ==0.0.*
- , tls ==2.1.11.*
+ , tls ==2.1.6.*
 , transformers ==0.6.*
 , unliftio ==0.2.*
 , unliftio-core ==0.2.*
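Review bot: The `-- passes` and `-- fails` lines in the cabal.project hunk record bisect state but not what passes or fails, and they sit between `tag:` and `subdir:` inside the stanza, where they are easy to mistake for configuration. The build is now pinned to an unreleased commit that the subject places between tls 2.1.6 and 2.1.7, so a binary built from this tree would presumably lack whatever fixes later tls releases carry. I would move the notes above the stanza and name the failing check, for example `-- TEMPORARY bisect pin (tls 2.1.6..2.1.7) for <failing test>; remove this stanza and return to a Hackage release once the regression is identified`.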