esp-idf/examples/10_openssl_server not working

User avatar
martinayotte
Posts: 139
Joined: Fri Nov 13, 2015 4:27 pm

esp-idf/examples/10_openssl_server not working

Postby martinayotte » Sat Dec 10, 2016 10:31 pm

esp-idf/examples/10_openssl_server is not working.
It is starting properly, but Firefox doesn't show "go on to visit it" or similar, it is only showing the following message :

Code: Select all

Advanced info: SSL_ERROR_UNSUPPORTED_VERSION
On ESP side, the serial log is showing "Openssl_demo: failed" at the moment the browser did the request.

Code: Select all

ets Jun  8 2016 00:22:57

rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0x00
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3ffc0008,len:0
load:0x3ffc0008,len:1964
load:0x40078000,len:3696
ho 0 tail 12 room 4
load:0x40080000,len:260
entry 0x40080034
I (791) heap_alloc_caps: Initializing heap allocator:
I (791) heap_alloc_caps: Region 19: 3FFC13D4 len 0001EC2C tag 0
I (792) heap_alloc_caps: Region 25: 3FFE8000 len 00018000 tag 1
I (802) cpu_start: Pro cpu up.
I (808) cpu_start: Single core mode
I (814) cpu_start: Pro cpu start user code
I (1029) phy: phy_version: 258, Nov 29 2016, 15:51:07, 0, 0
I (2071) cpu_start: Starting scheduler on PRO CPU.
tcpip_task_hdlxxx : 3ffc4f44, prio:18,stack:2048
I (2080) wifi: frc2_timer_task_hdl:3ffc6a58, prio:22, stack:2048
I (2080) wifi: pp_task_hdl : 3ffc92b8, prio:23, stack:8192
I (2090) Openssl_demo: start the WIFI SSID:[Giroles-Salon] password:[xxxxxxxxxxxxxxx]

I (2090) wifi: mode : sta (24:0a:c4:01:df:b8)
I (3720) wifi: n:11 0, o:1 0, ap:255 255, sta:11 0, prof:1
I (4370) wifi: state: init -> auth (b0)
I (4370) wifi: state: auth -> assoc (0)
I (4380) wifi: state: assoc -> run (10)
I (4390) wifi: connected with Giroles-Salon, channel 11
I (12010) event: ip: 10.111.111.65, mask: 255.255.255.0, gw: 10.111.111.251
I (12010) Openssl_demo: SSL server context create ......
I (12010) Openssl_demo: OK
I (12010) Openssl_demo: SSL server context set own certification......
I (12020) Openssl_demo: OK
I (12020) Openssl_demo: SSL server context set private key......
I (12130) Openssl_demo: OK
I (12130) Openssl_demo: SSL server create socket ......
I (12130) Openssl_demo: OK
I (12130) Openssl_demo: SSL server socket bind ......
I (12140) Openssl_demo: OK
I (12140) Openssl_demo: SSL server socket listen ......
I (12150) Openssl_demo: OK
I (12150) Openssl_demo: SSL server create ......
I (12160) Openssl_demo: OK
I (12160) Openssl_demo: SSL server socket accept client ......
I (14380) wifi: pm open, type:0, st: 0, sending null data: 0

I (54100) Openssl_demo: OK
I (54100) Openssl_demo: SSL server accept client ......
I (54820) Openssl_demo: failed
I (54830) Openssl_demo: SSL server create ......
I (54830) Openssl_demo: OK
I (54830) Openssl_demo: SSL server socket accept client ......

WiFive
Posts: 2951
Joined: Tue Dec 01, 2015 7:35 am

Re: esp-idf/examples/10_openssl_server not working

Postby WiFive » Sun Dec 11, 2016 4:57 am

Change SSLv3_server_method() to TLSv1_2_server_method() and add another \r\n to Content-Length line (last line of response headers).

Response time is 4s though!

User avatar
martinayotte
Posts: 139
Joined: Fri Nov 13, 2015 4:27 pm

Re: esp-idf/examples/10_openssl_server not working

Postby martinayotte » Sun Dec 11, 2016 6:00 pm

Thanks ! It is now working ...

ESP_igrr
Posts: 1658
Joined: Tue Dec 01, 2015 8:37 am

Re: esp-idf/examples/10_openssl_server not working

Postby ESP_igrr » Mon Dec 12, 2016 2:49 am

Thanks for the report and suggesting a fix!

WiFive
Posts: 2951
Joined: Tue Dec 01, 2015 7:35 am

Re: esp-idf/examples/10_openssl_server not working

Postby WiFive » Mon Dec 12, 2016 5:30 am

ESP_igrr wrote:Thanks for the report and suggesting a fix!
How to improve the transaction time?
Image

WiFive
Posts: 2951
Joined: Tue Dec 01, 2015 7:35 am

Re: esp-idf/examples/10_openssl_server not working

Postby WiFive » Thu Dec 15, 2016 8:00 am

Moving to P-256 saves about 600ms. Moving to RSA saves another 600ms.

HTTPS server is not practical with those key exchange times.

Who is online

Users browsing this forum: No registered users and 1 guest