ESP8266 Developer Zone The Official ESP8266 Forum 2015-08-12T17:38:58+08:00 https://bbs.espressif.com:443/feed.php?f=16&t=377 2015-08-12T17:38:58+08:00 2015-08-12T17:38:58+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=3173#p3173 <![CDATA[Re: SSL connection via AT commands]]> It's tested with sdk v1.2.0 with the SSL and memory optimization patch, not tested with the latest sdk. Remember to burn the bin files:
blank ----> 0x7e000 and 0xfe000
boot ----> 0x00000
user1.1024.new.2.bin ----> 0x1000

To start the connection: AT+TEST<CR><LF>
To send some data to the server: AT+TEST=?<CR><LF>

You need to build and run axtsltest.sln in VC_TLS_demo, I made a quick modification to the server posted by this guy: viewtopic.php?f=7&t=386
(BTW thanks huafan)

Enjoy
user1.1024.new.2.zip

VC_TLS_demo.zip

app.zip

Statistics: Posted by SL!M — Wed Aug 12, 2015 5:38 pm

]]> 2015-08-11T20:01:56+08:00 2015-08-11T20:01:56+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=3153#p3153 <![CDATA[Re: SSL connection via AT commands]]> Statistics: Posted by munderhill — Tue Aug 11, 2015 8:01 pm

]]> 2015-08-11T15:23:39+08:00 2015-08-11T15:23:39+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=3143#p3143 <![CDATA[Re: SSL connection via AT commands]]> I didn't fully test it yet but it works for now.
Thanks!

Statistics: Posted by SL!M — Tue Aug 11, 2015 3:23 pm

]]> 2015-06-18T02:37:29+08:00 2015-06-18T02:37:29+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=2294#p2294 <![CDATA[Re: SSL connection via AT commands]]>
My question is for the Espressif team, will SSL AT command ever be supported in the future? I understand the ram issue, maybe with proper optimization this could be fixed? like reducing the size of the Tx/Rx buffer and reducing the number of connections allowed. There must be room for compromise somehow. There is no way clients will install devices on there network that doesn't support SSL or some kind of encryption.
Sure we can implement our own encryption solution or use the SDK, but we prefer an out of the box solution.

Thanks,

Statistics: Posted by SL!M — Thu Jun 18, 2015 2:37 am

]]> 2015-04-27T11:08:09+08:00 2015-04-27T11:08:09+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=1533#p1533 <![CDATA[Re: SSL connection via AT commands]]>
Do you think it is still possible to optimize the firmware code some more?
v0.93SDK has no problem connecting using SSL to real websites like google and yahoo.
There is a real world need to be able to connect to SSL server, particularly for sending email or connecting to REST services. Most REST servers only accept SSL connection.

if there are 32k ram, and ssl code needs 12k, and ssl buffer size use 8k, that still leaves 12k ram for AT firmware, which is plenty. If firmware use 2k for tx and 2k for rx buffer, that still leaves 8k ram for everything else.

Thanks.

Statistics: Posted by doughboy — Mon Apr 27, 2015 11:08 am

]]> 2015-04-27T10:22:03+08:00 2015-04-27T10:22:03+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=1527#p1527 <![CDATA[Re: SSL connection via AT commands]]>
We debugged on your problem, it's the RAM limitation cause that.

AT commands has only 17KBytes available heap now,SSL need 12KBytes free heap size, if you espconn_secure_set_size to set 5KBytes,it is not enough..

So SSL can not be used in AT commands because RAM is limited.

Sorry for the inconvenience.

Statistics: Posted by ESP_Faye — Mon Apr 27, 2015 10:22 am

]]> 2015-04-23T11:12:45+08:00 2015-04-23T11:12:45+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=1484#p1484 <![CDATA[Re: SSL connection via AT commands]]> I bet if you uncomment that and set size to 8192 and compile that with patched ssl library, you will also get wdt reset.

I tried different values and if I set > 5k, espconn_secure_connect will wdt even connecting to iot.espressif.cn:8443.
I call system_get_free_heap_size() before calling espconn_secure_set_size and I get

Free heap: 17552

So I think there should be memory to malloc a buffer size of 8192.

Statistics: Posted by doughboy — Thu Apr 23, 2015 11:12 am

]]> 2015-04-23T11:09:39+08:00 2015-04-23T11:09:39+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=1483#p1483 <![CDATA[Re: SSL connection via AT commands]]>
So I'm pretty sure the bug is in espconn_secure_set method. It cause the module to wdt reset.

Statistics: Posted by doughboy — Thu Apr 23, 2015 11:09 am

]]> 2015-04-23T10:55:09+08:00 2015-04-23T10:55:09+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=1481#p1481 <![CDATA[Re: SSL connection via AT commands]]>
Using exactly the same code, if I used the patched ssl, I get wdt reset. I was using the older libssl.a from 1.0sdk in my previous post. So there is something wrong with the patched ssl library.

AT+CIPSTARTSSL="iot.espressif.cn",8443

host: iot.espressif.cn port:8443
Free heap: 17568
remote ip 255.255.255.255
buffer size 8192
using dns
in dns handler
remote ip 115.29.202.58
called connect.

ets Jan 8 2013,rst cause:4, boot mode:(3,3)

wdt reset
load 0x40100000, len 1320, room 16
tail 8
chksum 0xb8
load 0x3ffe8000, len 776, room 0
tail 8
chksum 0xd9
load 0x3ffe8308, len 412, room 0
tail 12
chksum 0xb9
csum 0xb9

2nd boot version : 1.3(b3)
SPI Speed : 40MHz
SPI Mode : QIO
SPI Flash Size : 16Mbit
jump to run user1

Statistics: Posted by doughboy — Thu Apr 23, 2015 10:55 am

]]> 2015-04-23T10:33:49+08:00 2015-04-23T10:33:49+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=1478#p1478 <![CDATA[Re: SSL connection via AT commands]]> So I tried to connect to iot.espressif.cn port 8443 and I got a successful connection.
But if I connect to iot.espressif.cn port 443, I get -11. I have already set the buffer to 8192.
you need to make ssl api work with normal websites like smtp.gmail.com:465. Otherwise, there is no real practical use for it other than a novelty API.
I got a firmware with ssl code compiled in 0.93SDK and it is able to connect to smtp.gmail.com:465 just fine, so I think some regression was introduced since then. I compiled my program back to 1.0sdk and they all do not work connecting to normal ssl websites.

This is the log from my program.
AT+CIPSTARTSSL="iot.espressif.cn",443

host: iot.espressif.cn port:443
Free heap: 17680
remote ip 255.255.255.255
using dns
in dns handler
remote ip 115.29.202.58
called connect.
tcp state: 6 error handler:-11
SSL server requires packet size >8192 limit

ERROR
AT+CIPSTARTSSL="iot.espressif.cn",8443

host: iot.espressif.cn port:8443
Free heap: 17680
remote ip 255.255.255.255
using dns
in dns handler
remote ip 115.29.202.58
called connect.
in listener handler
CONNECT

OK
AT+CIPCLOSESSL

in disconnect handler
CLOSED

OK

Statistics: Posted by doughboy — Thu Apr 23, 2015 10:33 am

]]> 2015-04-22T11:53:18+08:00 2015-04-22T11:53:18+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=1468#p1468 <![CDATA[Re: SSL connection via AT commands]]>
Thanks for your interest in ESP8266,

Please have a try with the demo code here http://bbs.espressif.com/viewtopic.php?f=21&t=389
Notice that there is a SSL patch http://bbs.espressif.com/viewtopic.php?f=5&t=382

In your case, you need to only change the IP , port and buffer size in user_check_ip , just as below

Code:

       const char esp_server_ip[4] = {96, 114, 157, 81};

       os_memcpy(user_tcp_conn.proto.tcp->remote_ip, esp_server_ip, 4);

       user_tcp_conn.proto.tcp->remote_port = 465; // remote SSL port of tcp server
     
       user_tcp_conn.proto.tcp->local_port = espconn_port(); //local port of ESP8266

       espconn_regist_connectcb(&user_tcp_conn, user_tcp_connect_cb); // register connect callback
       espconn_regist_reconcb(&user_tcp_conn, user_tcp_recon_cb); // register reconnect callback as error handler

       espconn_secure_set_size(ESPCONN_CLIENT,5120); // set SSL buffer size, if your SSL packet larger than 2048
       espconn_secure_connect(&user_tcp_conn); // tcp SSL connect


Please have a try and let me know if your problem be solved or not ?

Statistics: Posted by ESP_Faye — Wed Apr 22, 2015 11:53 am

]]> 2015-04-22T11:18:48+08:00 2015-04-22T11:18:48+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=1463#p1463 <![CDATA[Re: SSL connection via AT commands]]>
Her Majesty wrote:
Here is a SSL demo http://bbs.espressif.com/viewtopic.php?f=7&t=386


that is just a copy of the iot example program, lol.
I can tell you with absolute certainty, the ssl api does not work.

Statistics: Posted by doughboy — Wed Apr 22, 2015 11:18 am

]]> 2015-04-22T10:53:44+08:00 2015-04-22T10:53:44+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=1462#p1462 <![CDATA[Re: SSL connection via AT commands]]> http://bbs.espressif.com/viewtopic.php?f=7&t=386

Statistics: Posted by Her Mary — Wed Apr 22, 2015 10:53 am

]]> 2015-04-21T23:59:25+08:00 2015-04-21T23:59:25+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=1452#p1452 <![CDATA[Re: SSL connection via AT commands]]> Statistics: Posted by doughboy — Tue Apr 21, 2015 11:59 pm

]]> 2015-04-20T14:17:03+08:00 2015-04-20T14:17:03+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=1432#p1432 <![CDATA[Re: SSL connection via AT commands]]>
Sorry for the inconvenience.

We don't have an AT command to create SSL connection now.

You can try to defined your own AT command about SSL.

Statistics: Posted by ESP_Faye — Mon Apr 20, 2015 2:17 pm

]]> 2015-04-17T17:53:15+08:00 2015-04-17T17:53:15+08:00 https://bbs.espressif.com:443/viewtopic.php?t=377&p=1397#p1397 <![CDATA[SSL connection via AT commands]]> Statistics: Posted by munderhill — Fri Apr 17, 2015 5:53 pm

]]>