Closed ArminPP closed 3 years ago
Kinda. On ESP8266 this already works but is extremely slow because of the limited processing power. Using it for sending credential is maybe ok, but anything else involving more bandwidth is just way too slow.
I have not verified the situation lately but last time I checked the ESP32 arduino core did not have the secure server implemented yet. Here is the open issue: https://github.com/espressif/arduino-esp32/issues/3902. It says "https server will be added in the next major version of Arduino".
To sum it up there is nothing preventing using the library with a secure server implementation. It works with any class derived from the Stream or Client.
I see, thank you for your explanation. So I'm waiting for the next Arduino release...
I am reopening this thread because unfortunately I have not found a solution to my problem.
I want to make the aWOT web server secure via WiFi and Ethernet, either by HTTPS or by server-side encryption.
At the moment I am using basic auth WebAPP.use(&auth);
which is not really secure I presume...
(And it does not secure the credentials)
Variant A (HTTPS): I found a library that fulfills these conditions, however it does not provide a client stream. [https://github.com/fhessel/esp32_https_server_compat/issues/4#issuecomment-718863563]() I guess that is an exclusion criterion? (I was asking for help at the git of the developer, but unfortunately there has been no response yet.) By the way, the library uses a similar approach (?) as aWOT, unfortunately I don't know if this is useful ...
void handleRoot(HTTPRequest * req, HTTPResponse * res) {
// We want to deliver an HTML page, so we set the content type
res->setHeader("Content-Type", "text/html");
// The response implements the Print interface, so you can use it just like
// you would write to Serial etc.
res->println("<!DOCTYPE html>");
(..)
The second method, to only do the authentication from the aWOT web server with HTTPS, unfortunately fails due to my lack of knowledge, a small code snippet / tip would be very nice.
0000 00 8c fa 87 d6 1c de ad be ef fe e1 08 00 45 00 ..............E.
0010 00 c0 01 3f 40 00 80 06 7e 09 0a 02 33 80 0a 02 ...?@...~...3...
0020 33 6c 00 50 14 f8 c0 a5 c5 e7 5c 15 9f 03 50 18 3l.P......\...P.
0030 08 00 5d 4a 00 00 7b 22 53 53 49 44 22 3a 22 74 ..]J..{"SSID":"t
0040 65 73 74 22 2c 22 57 69 46 69 50 61 73 73 77 6f est","WiFiPasswo
0050 72 64 22 3a 22 74 65 73 74 22 2c 22 44 48 43 50 rd":"test","DHCP
(..)
So I tried to encrypt the data with AES, on ESP32 with https://github.com/kakopappa/arduino-esp8266-aes-encryption-with-nodejs and in aWOT with https://github.com/brix/crypto-js. This worked fine, however the key is unencrypted readable from the browser with the developer tools.
I would very much like to use HTTPS, or at least encrypt the most important data, but unfortunately I can't find a solution.
I am very grateful for any tip, link or advice on the solution, and I would also be very happy to see a completely new approach that I am not yet familiar with.
Thanks, Armin
The version 2 of the esp32 arduino core is not out yet. Are you using the alpha version of the core?
Edit: The core issue is still open and the feature is not implemented. There is no really secure solution before the core supports the encrypted server connections. If you are just sending initial wifi credentials in AP mode the wifi connection itself should be encrypted.
That's a pity, I was still hoping for a workaround ;-) Now I have to be patient again ...
Is there a possibility to operate the awot web server based on https with WiFi and Ethernet ?
Thank you for some advice, Armin