Setup over HTTPS

#1

Hi everyone,

Currently we have an ESP8266 device running Mongoose OS.
To set up the device, it turns itself into a SOFTAP and the user sends RPC setup calls over HTTP. This all works very well, but our customer wants us to start using HTTPS to reduce the risk of snooping.

Do any of the libraries (open or proprietary) support secure HTTPS for RPC? I took a dig through the libraries but was unable to find any hint of this functionality. We have purchased a license to access the proprietary mos-libs.

Thank you!
Andrew

#2
#4

Thanks Sergey for your earlier reply.
I have generated a self-signed cert as per the Mongoose OS security user guide:

openssl req  -nodes -new -x509  -keyout key.pem -out cert.pem
mos put cert.pem
mos put key.pem
mos config-set http.listen_addr=443 http.ssl_key=key.pem http.ssl_cert=cert.pem

When I connect to my device, it seems that no error comes out. It shows an incoming connection from 192.168.4.3:56854 (my PC), but after that, nothing happens. On my PC side it times out. I cannot make any RPC calls via HTTPS.

Thanks for your generous help and support!

[Jun 26 15:31:54.916] mgos_wifi_on_change_ a0:c5:89:87:b8:7e connected
[Jun 26 15:31:55.077] mongoose_poll        New heap free LWM: 35152
[Jun 26 15:31:55.269] mongoose_poll        New heap free LWM: 35144
[Jun 26 15:32:07.467] mongoose_poll        New heap free LWM: 35000
[Jun 26 15:32:07.674] mongoose_poll        New heap free LWM: 33456
[Jun 26 15:32:07.867] mongoose_poll        New heap free LWM: 33000
[Jun 26 15:32:16.292] mongoose_poll        New heap free LWM: 30424
[Jun 26 15:32:21.625] mgos_http_ev         0x3fff3174 HTTP connection from 192.168.4.3:56854
[Jun 26 15:32:21.625] mongoose_poll        New heap free LWM: 24752

#5

It appears that the incoming connection is accepted, but the TLS handshake times out somehow. Here is a pastebin; I’m not sure if it helps:

https://pastebin.com/jvUJiT3e

#6

Our issue is still unresolved.
If I could get some input from the community (anybody at all!) for ideas to try, or just any ideas at all, I would be very grateful! We have sort of hit a wall here.

Andrew
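
Added example, not part of the original thread: a client-side probe that separates the TCP connect from the TLS handshake, to confirm the symptom described in posts #4 and #5 (connection accepted, handshake never completes) while trusting only the self-signed cert.pem. The function name `probe_tls` and the device address 192.168.4.1 are assumptions.

```python
import socket
import ssl


def probe_tls(host, port, cafile=None, timeout=10.0):
    """Report which stage of an HTTPS connection fails.

    Returns (stage, detail); stage is "tcp_failed", "tls_timeout",
    "tls_failed" or "ok".
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp_failed", str(exc)

    ctx = ssl.create_default_context(cafile=cafile)
    if cafile:
        # cafile is the device's self-signed cert.pem: it becomes the only
        # trust anchor. The device is reached by IP, so skip name matching.
        ctx.check_hostname = False
    try:
        with sock:
            sock.settimeout(timeout)
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except socket.timeout:
        # Matches the thread's symptom: accepted, then silence.
        return "tls_timeout", "TCP accepted, handshake did not complete"
    except (ssl.SSLError, OSError) as exc:
        return "tls_failed", str(exc)


if __name__ == "__main__":
    # Assumed SoftAP address of the device; cert.pem is the file from post #4.
    print(probe_tls("192.168.4.1", 443, cafile="cert.pem", timeout=30.0))
```

A `tls_timeout` result with a generous timeout points at the device side of the handshake, while `tls_failed` carries the verification or protocol error text from the client.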