Open SpicerSolutions opened 3 years ago
Hi! This is not likely/almost impossible to implement on ESP8266 due to insufficient memory. On the ESP32 it is a different story: HTTPS support is easily possible. Still we would need to figure out how to add a certificate that is ideally both not self-signed (so that it is trusted by browsers), but that could not be circumvented by the private key becoming public due to the open source of WLED. This would likely require users to generate/install their own certificates for true security, but it's definitely something I want to look into!
@SpicerSolutions You can hear Unexpected Maker talk about the issues with https on this video: https://youtu.be/A4Hzz84HuNY?t=733 The issue is around the certificates consuming too much RAM. Though, in the video, I am not 100% clear if he is talking about inbound or outbound connections. If I wanted to secure my WLED on my network, I would probably use a reverse proxy and firewall rules.
Could use a self-signed certificate by default. In the config you could then replace it with your own. That's how most devices work.
This can be supported using reverse proxy which will handle HTTPS (and WSS) with recent modifications in 0.14.0-b3+.
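The reverse-proxy setup mentioned above, as an added example that is not part of the original thread or the WLED project: an nginx server block that terminates TLS and forwards both HTTP and WebSocket traffic to the device. The hostname, device address and certificate paths are placeholders, and the `/ws` WebSocket path and device port 80 are assumptions.

```nginx
# Added example: TLS-terminating reverse proxy in front of a WLED device.
# Hostname, device address and certificate paths are placeholders (assumptions).
server {
    listen 443 ssl;
    server_name wled.example.lan;                  # placeholder hostname

    # The private key lives only on the proxy, never on the device or in firmware.
    ssl_certificate     /etc/nginx/tls/wled.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/wled.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # WebSocket endpoint (assumed to be /ws): pass the Upgrade handshake through
    # so a page loaded over https:// can open wss:// to the same origin.
    location /ws {
        proxy_pass http://192.0.2.10:80;           # placeholder device address
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 3600s;                  # keep long-lived sockets open
    }

    # Everything else (UI and HTTP API) is plain proxied HTTP.
    location / {
        proxy_pass http://192.0.2.10:80;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Redirect plaintext requests for the proxy hostname to HTTPS.
server {
    listen 80;
    server_name wled.example.lan;
    return 301 https://$host$request_uri;
}
```

The hop from the proxy to the device is still unencrypted HTTP, so firewall rules should allow only the proxy host to reach the device's port 80.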
Is HTTPS likely to be supported on the HTTP request endpoint?
I appreciate this might be difficult for people with expiring SSL certificates.