hs-connection

TLSSettingsSimple is too simple, TLSSettings is unwieldy

Open madjar opened this issue 9 years ago • 1 comments

Hello

When trying to communicate with my crummy server, I have to force the use of TLS10. Since it is not possible to do so with TLSSettingsSimple, I use the full TLSSettings (the one with a ClientParams). However, to make it work, there's quite a lot of setup that I could only discover by reading the source code, to find out how a ClientParams is created from a TLSSettingsSimple.

The result for supportedVersions (and to disable certificate validation) looks like the following, which is kind of horrible:

        tlsSettings = TLSSettings clientParams
        clientParams = (defaultParamsClient "" "")
                         { -- offer only TLS 1.0, with every suite in ciphersuite_all
                           clientSupported = def { supportedVersions = [TLS10], supportedCiphers = ciphersuite_all }
                         , clientShared = def
                             { --sharedCAStore = globalCertificateStore context
                               sharedValidationCache = validationCache
                             }
                         }
        -- the query callback always answers "pass", so certificate validation is
        -- skipped; the add callback stores nothing
        validationCache = TLS.ValidationCache (\_ _ _ -> return TLS.ValidationCachePass)
                                    (\_ _ _ -> return ())

I was thinking about adding an extra field with type ClientParams -> ClientParams to TLSSettingsSimple, for extra customization. If you consider it a good idea, I'll send a pull request.

Thanks a lot!

madjar, Feb 01 '16 12:02

Yes, this is unnecessarily complex for setting anything that should be simple (override version, or set certificate exception); however, the API needs to be kept as is.

I think the best is to create a new value, which would allow a bit more configuration than the simple one, but doesn't expose a full TLSSettings.

vincenthz, Feb 02 '16 07:02
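The `ClientParams -> ClientParams` hook proposed in the issue, sketched as an added example (not code from the thread or from the connection package): it starts from parameters that still validate the server certificate against the system CA store, so an override such as a version restriction does not require turning validation off. `tlsSettingsWith`, `onlyVersions` and the host name are hypothetical; the code assumes the tls API used in the snippet above (`def`, `defaultParamsClient`) plus `getSystemCertificateStore` from x509-system.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example: hypothetical helpers, not part of the connection package.
module TLSOverride (tlsSettingsWith, onlyVersions) where

import Data.Default.Class (def)
import Network.Connection (TLSSettings (..))
import Network.Socket (HostName)
import Network.TLS
import Network.TLS.Extra.Cipher (ciphersuite_default)
import System.X509 (getSystemCertificateStore)

-- | Build validated client defaults for @host@, then apply the caller's
-- override. The host name is kept so the certificate is checked against it.
tlsSettingsWith :: HostName -> (ClientParams -> ClientParams) -> IO TLSSettings
tlsSettingsWith host override = do
  caStore <- getSystemCertificateStore
  let base = (defaultParamsClient host "")
        { clientSupported = def { supportedCiphers = ciphersuite_default }
        , clientShared    = def { sharedCAStore = caStore }
        }
  return (TLSSettings (override base))

-- | Override that restricts the offered protocol versions and leaves
-- ciphers, CA store and validation cache untouched.
onlyVersions :: [Version] -> ClientParams -> ClientParams
onlyVersions vs p =
  p { clientSupported = (clientSupported p) { supportedVersions = vs } }

-- Usage (assumed host name):
--   settings <- tlsSettingsWith "legacy.example.internal" (onlyVersions [TLS10])
```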