Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Workarounds to make SSL/TLS work #899

Closed
tom-ch1 opened this issue Dec 9, 2020 · 15 comments
Closed

Workarounds to make SSL/TLS work #899

tom-ch1 opened this issue Dec 9, 2020 · 15 comments
Labels

Comments

@tom-ch1
Copy link

tom-ch1 commented Dec 9, 2020

Setting-up an SSL/TLS enabled Server using the ESPAsyncWebServer library is not yet fully documented and straight-forward. I spent a lot of time and finally got it to work. I'd like to share what I have learned, so you can make it work, too.

My setup and basic requirements

Here's an account of the caveats and how to work around them

  1. Compile error "class AsyncServer has no member named beginSecure"
  2. Link error: no matching function for call to AsyncClient::_recv(tcp_pcb*&, pbuf*&, int) or similar
  3. Link error: undefined reference to AsyncWebServer::onSslFileRequest(std::function<int (void*, char const*, unsigned char**)>, void*) or similar
  4. Now it compiles, but you may get a runtime error: Error: Feature not supported after calling server.beginSecure()
    • I tracked that one down to https://github.com/igrr/axtls-8266.
    • I thought it just didn't work because I used an unsupported cypher suite. But it wasn't that and I couldn't figure out the reason
    • but I found a configuration which works:
      • openssl genrsa -out Key.pem 1024
      • openssl req -x509 -out Cert.pem -key Key.pem -new -sha256 -subj /CN=your.domain -addext "keyUsage=digitalSignature,keyEncipherment" -addext extendedKeyUsage=serverAuth

I hope I could help somebody trying to set up an SSL-protected update-server

@zekageri
Copy link

Can it work with esp32 using AsyncTCP?

@jcassel
Copy link

jcassel commented Dec 16, 2020

@tom-ch1 Thank you for your work here in navigating the issues and then giving us all this leg up. It has really saved me a lot of time. Much appreciated.

One additional item that had me scratching my head for a few min was that once you have the files in place and the call to onSSLFileRequest you also need to add in the SPIFFS.Begin() call before you start the server.

@tom-ch1
Copy link
Author

tom-ch1 commented Dec 18, 2020

@zekageri : I don't know, but I have come across some sites which state that the esp32 doesn't have enough resources for SSL.

@jcassel : Thanks for pointing that out. In fact, my version is using LittleFS.

For a complete sketch see my example at https://gitlab.users.ch.eu.org/smarthome/eaws-ssl-updater

@stale
Copy link

stale bot commented Feb 18, 2021

[STALE_SET] This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Feb 18, 2021
@stale
Copy link

stale bot commented Mar 5, 2021

[STALE_DEL] This stale issue has been automatically closed. Thank you for your contributions.

@stale stale bot closed this as completed Mar 5, 2021
@vslinuxdotnet
Copy link

Just as Note: In the the SDK 3.X don't work because the openssl libs was removed.

@mhaberler
Copy link

@zekageri : I don't know, but I have come across some sites which state that the esp32 doesn't have enough resources for SSL.

@jcassel : Thanks for pointing that out. In fact, my version is using LittleFS.

For a complete sketch see my example at https://gitlab.users.ch.eu.org:10443/smarthome/eaws-ssl-updater

unfortunately that site went away - any replacement location?

@Puding07
Copy link

unfortunately that site went away - any replacement location?

@mhaberler I made one example WebServer sketch for ESP8266 using TLS. Check it out at: https://gitlab.com/artonworkstm/asyncwebservertls

The only thing I miss is session cache which would fasten up a bit the requests. I'll dig myself into it in the next days.

@mhaberler
Copy link

@mhaberler I made one example WebServer sketch for ESP8266 using TLS. Check it out at: https://gitlab.com/artonworkstm/asyncwebservertls

The only thing I miss is session cache which would fasten up a bit the requests. I'll dig myself into it in the next days.

thanks, appreciated!

@tom-ch1
Copy link
Author

tom-ch1 commented Dec 5, 2021

@zekageri : I don't know, but I have come across some sites which state that the esp32 doesn't have enough resources for SSL.
@jcassel : Thanks for pointing that out. In fact, my version is using LittleFS.
For a complete sketch see my example at https://gitlab.users.ch.eu.org:10443/smarthome/eaws-ssl-updater

unfortunately that site went away - any replacement location?

Yes, I put my Gitlab site behind a reverse proxy, so it's easier to find: https://gitlab.users.ch.eu.org/smarthome/eaws-ssl-updater

@ZanzyTHEbar
Copy link

ZanzyTHEbar commented Nov 8, 2022

@zekageri : I don't know, but I have come across some sites which state that the esp32 doesn't have enough resources for SSL.

@jcassel : Thanks for pointing that out. In fact, my version is using LittleFS.

For a complete sketch see my example at https://gitlab.users.ch.eu.org/smarthome/eaws-ssl-updater

that doesn't even make sense ... the ESP32 has a built-in SSL webserver header from espressif, it has an on-board crypto cell chip and has oodles more resources than the ESP8266. So, that's definitely not true.

@TheMiNuS
Copy link

I confirm it works running HTTPS server on an ESP8266 with this patch.
Is there a plan to integrate that code to the main branch ?

@uGiFarukh
Copy link

Any way this can be used for the ESP32 using AsyncTCP library?

@danielaac83
Copy link

danielaac83 commented Nov 15, 2023

I join to question, SSL in ESP32 with library ESPAsyncWebServer is possible?
Thanks

@zekageri
Copy link

Unfortunately no

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

10 participants