sensors-software icon indicating copy to clipboard operation
sensors-software copied to clipboard

Published 20 hours ago verified publisher icon opendata-stuttgart

docs: document the supported TSL ciphers

Open bb-Ricardo opened this issue 4 years ago • 3 comments

I updated my sensors from a old firmware and after that the influx SSL writer stopped working. After some poking around I got a 'SSL cipher mismatch'.

It took me a while to figure out which ciphers are actually supported. To make sure people know that only a basic set of ciphers are supported it should be documented.

The common build_flags in platformio.ini contain -D BEARSSL_SSL_BASIC which limits the set to

    BR_TLS_RSA_WITH_AES_128_CBC_SHA256,
    BR_TLS_RSA_WITH_AES_256_CBC_SHA256,
    BR_TLS_RSA_WITH_AES_128_CBC_SHA,
    BR_TLS_RSA_WITH_AES_256_CBC_SHA,

CBC ciphers are commonly considered insecure. But I guess due to the limited resources this is the best combination of encryption and performance.

It would be great if this could be added as a small note/hint in the docs. Or it is already documented and I didn't find it.

Thank you, for all this work. This is an amazing project.

bb-Ricardo avatar Dec 07 '20 21:12 bb-Ricardo

Added to documentation at https://github.com/opendata-stuttgart/meta/wiki/APIs English version will follow.

ricki-z avatar Dec 08 '20 15:12 ricki-z

great, thank you very much

bb-Ricardo avatar Dec 08 '20 16:12 bb-Ricardo

@ricki-z merged both German and English API pages. Also added 3rd party API description: https://github.com/opendata-stuttgart/meta/wiki/EN-APIs

DeeKey avatar Dec 25 '20 13:12 DeeKey