node-zwave-js
Add ssl feature to TCP socket device
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
I use an SSL socat server on a Raspberry A whose only job is to provide the device to a VM. I could use the TCP input for this, but right now it does not allow for SSL. I think it's pretty bad to have an S2-secured network going clear text over the network, and most likely Wi-Fi, so I believe this is pretty important for security.
Describe the solution you'd like
Right now my client and server look like this:
- client: socat openssl-connect:ap-rpi3bp-002.domain.com:4435,cert=/home/socat/cert/ap-univm-021.pem,cafile=/home/socat/cert/ap-rpi3bp-002.crt,verify=0 pty,link=/dev/lio_zwave,user=socat,group=dialout,mode=660,nonblock,raw,ignoreof
- server: socat openssl-listen:4435,keepalive,reuseaddr,cert=/srv/homeassistant/socat/ap-rpi3bp-002.pem,cafile=/srv/homeassistant/socat/ap-univm-021.crt,verify=0 /dev/serial/by-id/usb-Silicon_Labs_CP2102N_USB_to_UART_Bridge_Controller_92a36bbd7784e911bd509cd6217343c2-if00-port0,raw,echo=0

But I can't replace the client with the TCP:// socket in zwave-js. To do so, I think it could be possible to use https://nodejs.org/docs/latest-v17.x/api/tls.html instead of https://nodejs.org/docs/latest-v17.x/api/net.html when certs are provided. Having never done any JS, https://riptutorial.com/node-js/example/19326/tls-socket--server-and-client doesn't sound too complicated.
The goal would be to have the current default stay the same, and a way to provide a cert and CA path to enable SSL. Then this could be added in the frontend on the other repo.
Describe alternatives you've considered
Right now, I am keeping my SSL socat server and re-bouncing it locally in clear text like so:
rpi --- SSL Socat ---> VM --- Clear local Socat ---> Container
This works, but is a dirty hack with an additional point of failure and latency.
Additional context
https://github.com/zwave-js/zwavejs2mqtt/issues/2345
https://github.com/zwave-js/node-zwave-js/blob/966e51fc81eb7a1686f9ac94971a06bab5ed26f1/packages/serial/src/ZWaveSocket.ts#L17
Note to self since it wasn't too clear in the Node.js docs: TLS sockets are simply extensions of the basic net.Sockets.
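
A sketch of the approach proposed in this thread, as an added example that is not node-zwave-js code: with no TLS material the connection stays plain TCP as it is today, and with a CA (plus an optional client cert and key, as in the socat setup above) it goes through `tls.connect` with peer verification left on, unlike `verify=0` in the socat commands. The function names and the shape of the `tlsConfig` object are assumptions.

```javascript
const net = require("node:net");
const tls = require("node:tls");

// Turn a "tcp://host:port" path plus optional PEM material into connect options.
// `tlsConfig` ({ ca, cert, key } as PEM strings or Buffers) is a hypothetical
// option; leaving it out keeps the plain-TCP behaviour.
function buildConnectOptions(path, tlsConfig) {
  const url = new URL(path);
  if (url.protocol !== "tcp:" || !url.hostname || !url.port) {
    throw new Error(`expected tcp://host:port, got ${path}`);
  }
  const base = { host: url.hostname, port: Number(url.port) };
  if (!tlsConfig) return { secure: false, options: base };

  // Without a CA to verify against, the client cannot tell the real serial
  // bridge from anything else answering on that port.
  if (!tlsConfig.ca) throw new Error("tlsConfig.ca is required");
  // A client certificate is only usable together with its private key.
  if (Boolean(tlsConfig.cert) !== Boolean(tlsConfig.key)) {
    throw new Error("tlsConfig.cert and tlsConfig.key must be given together");
  }
  return {
    secure: true,
    options: {
      ...base,
      ca: tlsConfig.ca,
      cert: tlsConfig.cert, // sent only if the server asks for a client cert
      key: tlsConfig.key,
      rejectUnauthorized: true, // Node's default, stated explicitly
      minVersion: "TLSv1.2",
    },
  };
}

// Returns a socket the rest of the serial code can treat as a net.Socket.
function openSocket(path, tlsConfig) {
  const { secure, options } = buildConnectOptions(path, tlsConfig);
  return secure ? tls.connect(options) : net.connect(options);
}

// The point from the note above: tls.TLSSocket inherits from net.Socket.
function tlsSocketIsNetSocket() {
  return tls.TLSSocket.prototype instanceof net.Socket;
}
```

Node checks the server certificate against the host name from the path, so the bridge's certificate needs a matching subject alternative name.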