diff --git a/services/spar/package.yaml b/services/spar/package.yaml index 3f2c32f39b1..19dc2dce250 100644 --- a/services/spar/package.yaml +++ b/services/spar/package.yaml @@ -23,7 +23,7 @@ dependencies: - bytestring-conversion - case-insensitive - cassandra-util - - connection + - connection >= 0.3 - containers - cookie - cryptonite @@ -51,6 +51,7 @@ dependencies: - text - time - tinylog + - tls - transformers - types-common - uri-bytestring diff --git a/services/spar/src/Spar/Run.hs b/services/spar/src/Spar/Run.hs index 000085e6e2c..51ff644f80e 100644 --- a/services/spar/src/Spar/Run.hs +++ b/services/spar/src/Spar/Run.hs @@ -43,6 +43,7 @@ import qualified Cassandra.Schema as Cas import qualified Cassandra.Settings as Cas import qualified Network.Connection as TLS import qualified Network.HTTP.Client.TLS as TLS +import qualified Network.TLS.Extra.Cipher as TLS import qualified Network.Wai.Handler.Warp as Warp import qualified Network.Wai.Utilities.Server as WU import qualified SAML2.WebSSO as SAML @@ -127,6 +128,7 @@ sparManager disableCertificateValidation = newManager (TLS.mkManagerSettings tls where tlss = TLS.TLSSettingsSimple { TLS.settingDisableCertificateValidation = disableCertificateValidation + , TLS.settingSupportedCiphers = TLS.ciphersuite_default -- this is why we are pinned to https://github.com/vincenthz/hs-connection/pull/34 , TLS.settingDisableSession = False , TLS.settingUseServerName = False } diff --git a/stack.yaml b/stack.yaml index 19a67b0f1b7..c3b8b4f1f6a 100644 --- a/stack.yaml +++ b/stack.yaml @@ -78,6 +78,10 @@ packages: git: https://github.com/wireapp/hspec-wai commit: ca10d13deab929f1cc3a569abea2e7fbe35fdbe3 # https://github.com/hspec/hspec-wai/pull/49 extra-dep: true +- location: + git: https://github.com/wireapp/hs-connection + commit: efa861d210eec95a4124a1c961bf961694539fa9 # https://github.com/vincenthz/hs-connection/pull/34 + extra-dep: true extra-deps: - base-prelude-1.3