Open jonnenauha opened 8 years ago
I could not find HTTPS/SSL references in the source and I do not see SSL support coming any time too soon at least:
The hardware seems to have AES acceleration, so not all hope is lost in performance front.
It's all just a matter of coding. Maybe something can be ported over from for example FreeRTOS-compatible SSL-libraries.
Hey,
At some point Thingsee had indeed on the roadmap development of HTTPS implementation. However, our roadmap has been restructured. Currently there isn't a clear plan to when implement HTTPS/SSL protocols.
The best assumption so far is what Python1320 mentioned:
It's all just a matter of coding. Maybe something can be ported over from for example FreeRTOS-compatible SSL-libraries.
We'll update you when there are changes on this matter.
One promising library that our team has found is mbed TLS (Apache 2.0 License. Now owned by ARM so it should be(come) quite compatible with the processor's acceleration too) It also has nice tutorials if someone wants to take a shot at integrating it: https://tls.mbed.org/kb/how-to/mbedtls-tutorial
@Python1320 thanks for the addition. Can be helpful for other developers.
Regards, Paulo, Thingsee
Has this been resolved? At master_20161021_2 it mentions that 'retail-tls' and 'retail-tls-dbg' configs were added on 21-Oct-2016.
'retail-tls' configurations enable HTTPS support, but will have much less memory available for Thingsee engine to run. TLS receive fragment size is 16 KiB, and that amount of memory is permanently allocated for TLS rx-buffer and not available for other tasks. Given that Thingsee One has 80 KiB RAM, this is quite large and as result Thingsee engine is not able to run as complex profiles as is possible without HTTPS support.
If you are in full control of your HTTPS server and you can limit TLS fragment size on the server-side, then you can reduce the TLS rx-buffer size with CONFIG_MBEDTLS_MAX_FRAGMENT_LEN config option. Note that with 'retail-tls' configuration, the size of tx TLS fragment has been already reduced to 512 bytes using "CONFIG_MBEDTLS_MAX_OUT_FRAGMENT_LEN=512" option.
We are doing our own cloud service where the device will post data to.
If you configure the
cloud.json
to have"https"
and protocol, its not actually using HTTPS. We also tried prefixing thehost
withhttps://
but that did not work either (abviously as its putting protocol into theHost
header).I looked around and (probably?) found the relevant code part https://github.com/thingsee/thingsee-sdk/blob/a764aefa31282193e8ea119ad86edd8efa3ad13a/apps/ts_engine/ts-connector/ts_connector.c#L183-L205
I also cant find any place where
.cloud_params.protocol
is being used at all in the client.We have a nginx reverse proxy in front of our cloud service, the
"https"
configured client produces a error along the lines "The client is trying to post HTTP to a HTTPS port" and it suppresses with 400 Bad Request, as in not forwarding the request to our backends.Our test device has firmaware https://github.com/thingsee/thingsee-sdk/releases/tag/dev_20151110_1 so its a couple of pre-releases old.
So my questions are: Has this already been fixed? If not are you going to implement https requests on the device client side? Is it on the roadmap?
Would like to send as secure traffic if possible. Not a big hassle though, we are now doing it via http 80.
Ping @cvetan5