SSL support #362
Comments
|
I added SSL support to Since they use a self-signed root certificate, I need to disable the check whether the certificate is valid, so using SSL won’t protect against a malicious site trying to impersonate your bridge. It will encrypt the traffic, though, no longer sending the bridge username (API key) in clear text. I’m still not sure how to decide on SSL vs unencrypted traffic. I can determine whether it’s a Hue bridge during discovery, but not if it runs a firmware version that supports SSL. Also, I don’t think Philips have yet rolled out the SSL-enabling firmware world wide. I would prefer not to introduce yet another config.json setting. Maybe best to try SSL first and fallback to plain HTTP when that doesn’t work? |
|
They suggest to try with HTTPS first and fall back on HTTP. They also suggest to pin the certificate (the certificate name is the bridge serial number): For your application it is best practice to pin (with the bridge-id) the certificate on first connection with the bridge (“trust on first use”) and check upon later contacts with the same bridge. I’m more than happy to be a tester for your implementation, my bridge is showing full SSL support. |
|
I need to move to dynamic platform accessories (issue #4), before hombridge-hue can pin the SSL certificate automatically. Having the user enter the fingerprint manually in config.json is too error prone. |
|
v0.11.54 communicates with the gen-2 Hue bridge over SLL. The certificate is pinned while homebridge is running, but not persisted across homebridge restarts. As |
Issue
This is more of a question: Hue hubs now support self-signed SSL certificate. Is this plugin supporting the SSL connection? Info here: https://developers.meethue.com/documentation/https-connection-hue-bridge
Log Messages
Debug Files
n/a
The text was updated successfully, but these errors were encountered: