Showing content from https://arduino-pico.readthedocs.io/en/latest/bearssl-server-secure-class.html below:


WiFiServerSecure Class — Arduino-Pico 4.7.1 documentation

WiFiServerSecure Class

Implements a TLS encrypted server with optional client certificate validation. See Server Class for general information and BearSSL Secure Client Class for basic server and BearSSL concepts.

setBufferSizes(int recv, int xmit)

Similar to the BearSSL::WiFiClientSecure method, sets the receive and transmit buffer sizes. Note that servers cannot request a buffer size from the client, so if these are shrunk and the client tries to send a chunk larger than the receive buffer, it will always fail. This method needs to be called before begin().

Setting Server Certificates

A TLS server requires a certificate that identifies it and contains its public key, and a private key that it will use to encrypt information. The application author is responsible for generating this certificate and key, either using a self-signed generator or using a commercial certification authority. Do not reuse the certificates included in the examples provided.

This example command will generate an RSA 2048-bit key and certificate:

openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -days 4096

Again, it is up to the application author to generate this certificate and key and keep the private key safe and private.

Client sessions (Resuming connections fast)

The TLS handshake process takes a long time because of all the back and forth between the client and the server. You can shorten it by caching the clients’ sessions, which skips a few steps in the TLS handshake. In order for this to work, your client also needs to cache the session. BearSSL::WiFiClientSecure can do that, as can modern web browsers.

Here are the kind of performance improvements that you’ll be able to see for TLS handshakes with an ESP8266 with its clock set at 160MHz on a network with fairly low latency:

Requiring Client Certificates

TLS servers can request the client to identify itself by transmitting a certificate during handshake. If the client cannot transmit the certificate, the connection will be dropped by the server.
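
The following is an added example, not part of the original documentation. It checks the two things that most often go wrong with the certificate material described in "Setting Server Certificates" and "Requiring Client Certificates": a private key that does not belong to its certificate, and a client certificate that does not chain to the CA the server trusts. It assumes client certificates are issued by a private CA; all file names, the CA subject and the client name are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Arduino-Pico docs. File names, the CA subject and
# the client name "sensor-01" are constructed for illustration.
set -eu

# Create a private CA (key + self-signed certificate) in directory $1.
make_client_ca() {
    openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
        -subj "/CN=Example Client CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    chmod 600 "$1/ca.key"    # the CA key can mint new clients: keep it private
}

# Issue a client key + certificate for common name $2, signed by the CA in $1.
issue_client_cert() {
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$2" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 90 -out "$1/client.pem" 2>/dev/null
    chmod 600 "$1/client.key"
}

# Succeeds only if private key $1 and certificate $2 hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if certificate $2 chains to the CA certificate $1.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
mkdir "$work/other"
make_client_ca "$work"
make_client_ca "$work/other"          # unrelated CA with the same subject name
issue_client_cert "$work" "sensor-01"

key_matches_cert "$work/client.key" "$work/client.pem" && echo "key/cert pair: ok"
chains_to_ca "$work/ca.pem" "$work/client.pem" && echo "issuing CA: accepted"
chains_to_ca "$work/other/ca.pem" "$work/client.pem" || echo "unrelated CA: rejected"
rm -rf "$work"
```

The second CA deliberately reuses the same subject name to show that a matching issuer name is not enough; only the signature from the trusted CA key makes the client certificate verify.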

