HTTPS to sites using LetsEncrypt certificates with MKR1000 fails #310

Open
kleag opened this issue Apr 20, 2021 · 1 comment
Labels
type: imperfection Perceived defect in any part of project


kleag commented Apr 20, 2021

I cannot connect to my RESTful API (Django REST framework) using HTTPS on my MKR1000.

It worked beforehand on my local network.

I updated the firmware and was able to connect to google.com, arduino.cc or amazon.com using the WiFiSSLClient sketch.

When I import my domain root certificate, there is no error message, but the sketch cannot connect to my site. I also tried to connect (after importing the certificate) to the letsencrypt.org site (which probably also uses a Let's Encrypt certificate), and it also fails.

There is no error message at all; `if (client.connect(server, 443)) {` just returns false.

I had a look at this question on the Arduino forum and tried to apply the change to the cipher handling that was proposed, with no luck.

@per1234 per1234 added the type: imperfection Perceived defect in any part of project label Apr 20, 2021
kleag added a commit to kleag/moisture that referenced this issue Apr 21, 2021
My MKR1000 cannot access my Django REST framework API using https for an
unknown reason.
- question opened on Arduino forum: https://forum.arduino.cc/t/https-to-sites-using-letsencrypt-certificates-with-mkr1000/851421
- issue opened on the Wifi101 github: arduino-libraries/WiFi101#310
kleag added a commit to kleag/moisture that referenced this issue Apr 21, 2021
The issue arduino-libraries/WiFi101#310 was
not in cause and will be closed. The problem was a nginx ssl config
server side.

kleag commented Apr 21, 2021

This problem is solved on my side by changing the nginx ssl configuration.
Is it a bug of this library anyway? Here are the settings I commented out to make it work:

```nginx
#    ssl_buffer_size               8k;
#    ssl_protocols                 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
#    ssl_ciphers                   TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
#    ssl_prefer_server_ciphers     on;
#    ssl_stapling                  on;
#    ssl_stapling_verify           on;
#    ssl_ecdh_curve                secp384r1:X25519:prime256v1;
```

Feel free to close the issue if you think there is no problem with the library.
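
One way to narrow down which of the commented-out directives matters, as an added example (not code from this issue or from WiFi101): compare what a client offers in its ClientHello with what `ssl_protocols`, `ssl_ciphers` and `ssl_ecdh_curve` allow. The two client offers are constructed placeholders, not the MKR1000's actual capabilities, and the model is simplified: it only intersects sets and does not tie ciphers to protocol versions.

```python
import re

# The three negotiation directives from the comment above, active again.
NGINX_CONF = """
ssl_protocols   TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers     TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve  secp384r1:X25519:prime256v1;
"""

# Constructed client offers (hypothetical, NOT the MKR1000's real capabilities);
# in practice, fill these in from a captured ClientHello (OpenSSL cipher names).
AEAD_CLIENT = {
    "ssl_protocols": {"TLSv1", "TLSv1.1", "TLSv1.2"},
    "ssl_ciphers": {"ECDHE-RSA-AES128-GCM-SHA256", "AES128-GCM-SHA256"},
    "ssl_ecdh_curve": {"prime256v1"},
}
CBC_ONLY_CLIENT = {
    "ssl_protocols": {"TLSv1.2"},
    "ssl_ciphers": {"ECDHE-RSA-AES128-SHA256", "AES128-SHA"},
    "ssl_ecdh_curve": {"prime256v1"},
}

def parse_directives(conf):
    """Return {directive: [values in server order]} for active (uncommented) lines."""
    out = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()  # a commented-out directive restricts nothing
        m = re.match(r"(ssl_\w+)\s+(.+?);$", line)
        if m:
            out[m.group(1)] = re.split(r"[:\s]+", m.group(2).strip())
    return out

def check_offer(conf, offer):
    """For each active directive, list the values shared with the client, in server order."""
    server = parse_directives(conf)
    return {name: [v for v in server[name] if v in offer[name]]
            for name in offer if name in server}

def blocking_directives(conf, offer):
    """Directives whose allowed set has nothing in common with the client's offer."""
    return [name for name, common in check_offer(conf, offer).items() if not common]

if __name__ == "__main__":
    for label, offer in (("AEAD client", AEAD_CLIENT), ("CBC-only client", CBC_ONLY_CLIENT)):
        print(label, "shared:", check_offer(NGINX_CONF, offer))
        print(label, "blocked by:", blocking_directives(NGINX_CONF, offer) or "nothing")
```

An empty result only rules out these three directives; `ssl_buffer_size`, `ssl_prefer_server_ciphers` and the stapling settings are not set intersections and have to be bisected by re-enabling them one at a time.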
