encounterplus / web-client


Add support for TLS/SSL #38

Open rrgeorge opened 4 years ago

rrgeorge commented 4 years ago

Add support for using SSL with client connections. I understand there are some technical challenges to this, but I think one way this can be accomplished is using wildcard certificates with letsencrypt DNS-based verification. Plex does this with wildcard certificates in the form of *.(hex string, possibly a form of uuid).plex.direct, then uses a host name like 192-168-1-123.hex-string.plex.direct. EncounterPlus could request its certificates from the client.encounter.plus server when doing remote discovery. There are probably other solutions that could work too.

jurex commented 4 years ago

Well, it's not that easy @rrgeorge. I've already implemented TLS on websockets, but the problem is you need to install a valid private key + certificate directly in your device in order to pass the TLS handshake and begin encryption. A wildcard certificate could work, but the private key must be included in the app's binary, which is not very secure. Also, if extracted, it will compromise all devices. So the cert needs to be somehow dynamic. Not sure how to achieve that though.

rrgeorge commented 4 years ago

You could generate the private key on the device itself.

jurex commented 4 years ago

Yeah I know, but to generate a valid certificate from it I need to create a CSR request and sign it with some good CA.

rrgeorge commented 4 years ago

That’s why I was suggesting letsencrypt with DNS validation. Probably the most realistic solution would be to include an ACME client for DNS verification directly on the device. You would probably also want to have a dedicated domain for it.
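The per-device flow the thread converges on (key generated on the device, CSR sent to a signing service, Plex-style LAN hostname under a per-device zone), as an added example that is not code from the encounterplus project. The zone name, the function names and the role of a "signing service" that vets CSRs before asking the CA are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"strings"
)

// lanHostname encodes a LAN IPv4 address as one DNS label under a per-device
// zone (hypothetical), like the "192-168-1-123.<id>.plex.direct" names above.
func lanHostname(ip, zone string) string {
	return strings.ReplaceAll(ip, ".", "-") + "." + zone
}

// newDeviceCSR generates the private key on the device itself; only the DER
// CSR leaves the device, so no key has to be embedded in the app binary.
func newDeviceCSR(host string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	// Put the name in the SAN extension, which is what TLS clients match on.
	der, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{DNSNames: []string{host}}, key)
	return key, der, err
}

// checkCSR is the signing service's gate before it asks the CA: verify the
// proof-of-possession signature and confine the requested name to one label
// directly under the device's own zone (what a *.zone wildcard would cover).
func checkCSR(der []byte, zone string) (string, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err == nil {
		err = csr.CheckSignature()
	}
	if err != nil {
		return "", err
	}
	if len(csr.DNSNames) != 1 {
		return "", fmt.Errorf("expected exactly one SAN, got %v", csr.DNSNames)
	}
	name := csr.DNSNames[0]
	if !strings.HasSuffix(name, "."+zone) || strings.Count(name, ".") != strings.Count(zone, ".")+1 {
		return "", fmt.Errorf("%s is not directly under zone %s", name, zone)
	}
	return name, nil
}
```

The remaining step, having the service prove control of the zone to the CA via the DNS-01 challenge, is the ACME client part of the thread and is not shown here.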