Szyfrowane połączenie między serwerem a urządzeniem na ESP

Awatar użytkownika
klew
Posty: 8184
Rejestracja: czw cze 27, 2019 12:16 pm
Lokalizacja: Wrocław

Niedawno do biblioteki w wersji "develop" zostały dodane szyfrowanie połączenia do serwera dla płytek ESP8266.
W związku z tym kilka osób zgłaszało różne problemy, które okazały się wynikać z braku pamięci RAM na ESP8266.
Szyfrowanie jest obecnie włączone domyślnie i jeśli ktoś chce, można je wyłączyć poleceniem

Kod: Zaznacz cały

  wifi.enableSSL(false);    // wifi to nazwa zmiennej od Supla::ESPWifi
U mnie na Wemos d1 r1 tak wygląda ilość wolnej pamięci na jakimś prostym programie:
1. bez szyfrowania - ilość wolej pamięci 40 kB
2. z szyfrowaniem, bez zmiany rozmairu ramek ssl - 13 kB

Samo włączenie SSL powoduje zjedzenie okoo 6 kB RAM-u. Następnie każda instancja "client secure" zjada około 22 kB.
Z tego powodu praktycznie nie da się utworzyć dwóch instacji "client secure" (np. do airly, do linków bezpośrednich itp.)
Włączanie innych ciekawych rozszerzeń do aplikacji (np. GUI, wifi manager, itd) też zjada pamięć, więc miejcie to na uwadze w swoich programach.
Najprostszy workaround polega na wyłączeniu szyfrowania SSL.

Jest też druga opcja, którą aktualnie sprawdzam. Polega ona na zmieniszeniu rozmiaru ramek używanych przez SSL. Niestety bibliteka SSL używana na serwerach Supli nie wspiera negocjacji rozmiaru ramki, więc nie da się tego bezpiecznie zrobić tylko po stronie urządzenia, choć u siebie zmniejszyłem ramki i jak na razie wszystko działa (oczywiście do czasu aż serwer nie wyśle na raz większej porcji danych).
Tak wygląda ilość wolnej pamięci w tym przypadku:
3. z szyfrowaniem, z redukcją ramek do 512 bajtów - 29 kB

Dam znać jeśli problem zostanie jakoś sensownie rozwiązany.
Widzimy się na Supla Offline Party vol. 2 :!:
daniel
Posty: 34
Rejestracja: czw lut 15, 2018 7:29 am

klew pisze: czw mar 05, 2020 1:55 pm choć u siebie zmniejszyłem ramki i jak na razie wszystko działa
Ja też od kilku dni testuję redukcję ramek

Kod: Zaznacz cały

static_cast<WiFiClientSecure*>(client)->setBufferSizes(512, 512); // EXPERIMENTAL
i nie zaobserwowałem jeszcze nic niepokojącego.
krycha88
Posty: 5186
Rejestracja: pt lis 16, 2018 7:25 am
Kontakt:

daniel pisze: sob mar 21, 2020 9:56 am
klew pisze: czw mar 05, 2020 1:55 pm choć u siebie zmniejszyłem ramki i jak na razie wszystko działa
Ja też od kilku dni testuję redukcję ramek

Kod: Zaznacz cały

static_cast<WiFiClientSecure*>(client)->setBufferSizes(512, 512); // EXPERIMENTAL
i nie zaobserwowałem jeszcze nic niepokojącego.
Na chwilę obecną odrobinę bardziej rozbudowany program nie działa już po SSL, nie można nawiązać połączenia z Suplą.

Po wprowadzeniu redukcji ramek:

Kod: Zaznacz cały

((WiFiClientSecure *)client)->setBufferSizes(1024, 256);
w tym miejscu:
https://github.com/klew/arduino/blob/ma ... wifi.h#L85

działa i jeszcze zyskujemy po SSL około 4 kB :)
https://gui-generic-builder.supla.io/
krycha88
Posty: 5186
Rejestracja: pt lis 16, 2018 7:25 am
Kontakt:

aby korzystać z SSL w swoim projekcie zmodyfikowałem esp_wifi.h

https://github.com/krycha88/arduino/com ... 5e9d3cabc0

później można to wywołać tak:

Kod: Zaznacz cały

  Supla::ESPWifi *wifi = new Supla::ESPWifi("your_wifi_ssid", "your_wifi_password");
  wifi->setBufferSizes(1024, 256);
@klew jeżeli akceptujesz to mogę to wrzucić jeżeli nie to proszę dopisz podobną metodę :)
https://gui-generic-builder.supla.io/
Awatar użytkownika
klew
Posty: 8184
Rejestracja: czw cze 27, 2019 12:16 pm
Lokalizacja: Wrocław

krycha88 pisze: pt maja 29, 2020 1:21 pm aby korzystać z SSL w swoim projekcie zmodyfikowałem esp_wifi.h

https://github.com/krycha88/arduino/com ... 5e9d3cabc0

później można to wywołać tak:

Kod: Zaznacz cały

  Supla::ESPWifi *wifi = new Supla::ESPWifi("your_wifi_ssid", "your_wifi_password");
  wifi->setBufferSizes(1024, 256);
@klew jeżeli akceptujesz to mogę to wrzucić jeżeli nie to proszę dopisz podobną metodę :)
Wrzuć mi issue na moim githubie. Dorzucę taką metodę, tylko w sposób bezpieczny dla nieszyfrowanego połączenia ;)

Co stoi za hasłem "xmit"?
Widzimy się na Supla Offline Party vol. 2 :!:
krycha88
Posty: 5186
Rejestracja: pt lis 16, 2018 7:25 am
Kontakt:

klew pisze: pt maja 29, 2020 2:18 pm Wrzuć mi issue na moim githubie. Dorzucę taką metodę, tylko w sposób bezpieczny dla nieszyfrowanego połączenia ;)

Co stoi za hasłem "xmit"?
wykorzystałem taką samą nazwę zmiennej jak w bibliotece
https://github.com/esp8266/Arduino/blob ... v-int-xmit

issues
https://github.com/klew/arduino/issues/31
https://gui-generic-builder.supla.io/
Adamo28
Posty: 138
Rejestracja: ndz lis 08, 2020 2:54 pm

Podłącze się pod temat z problemem, wybieram przykłada z biblioteki supli (biblioteka i menadżer płytek aktualne) WebInterface.ino, wstawiam w setup:

Kod: Zaznacz cały

...
 Serial.begin(115200);
 wifi.enableSSL(false);
...
i dostaje taki błąd:

Kod: Zaznacz cały

Initializing network layer
Network AP/hostname: SUPLA-ESP8266-A907EE
Enter normal mode
WiFi: establishing connection with SSID: "Adari"
Using Supla protocol version 16
LAST STATE ADDED: SuplaDevice initialized
Current status: [5] SuplaDevice initialized
local IP: 192.168.1.235
subnetMask: 255.255.255.0
gatewayIP: 192.168.1.1
Signal strength (RSSI): -55 dBm
Establishing unsecured connection with: svr41.supla.org (port: 2016)
Connected to Supla Server
LAST STATE ADDED: Register in progress
Current status: [10] Register in progress
Send: [53 55 50 4C 41 10 01 00 00 00 45 00 00 00 C5 02 00 00 6B 61 6A 69 31 39 62 40 67 6D 61 69 6C 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 CE C9 D8 36 53 AD EE 65 15 CF 77 E1 82 47 E3 79 1D E3 14 46 94 01 B0 04 F7 4F 67 A1 3D 4D 53 55 50 4C 41 2D 45 53 50 38 32 36 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]
Establishing  with: svr41.supla.org (port: 2016)
Connected to Supla Server
Send: [53 55 50 4C 41 10 02 00 00 00 45 00 00 00 C5 02 00 00 6B 61 6A 69 31 39 62 40 67 6D 61 69 6C 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 CE C9 D8 36 53 AD EE 65 15 CF 77 E1 82 47 E3 79 1D E3 14 46 94 01 B0 04 F7 4F 67 A1 3D 4D 53 55 50 4C 41 2D 45 53 50 38 32 36 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]
Establishing  with: svr41.supla.org (port: 2016)
Connected to Supla Server
Send: [53 55 50 4C 41 10 03 00 00 00 45 00 00 00 C5 02 00 00 6B 61 6A 69 31 39 62 40 67 6D 61 69 6C 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 CE C9 D8 36 53 AD EE 65 15 CF 77 E1 82 47 E3 79 1D E3 14 46 94 01 B0 04 F7 4F 67 A1 3D 4D 53 55 50 4C 41 2D 45 53 50 38 32 36 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]
Establishing  with: svr41.supla.org (port: 2016)
Connected to Supla Server
Send: [53 55 50 4C 41 10 04 00 00 00 45 00 00 00 C5 02 00 00 6B 61 6A 69 31 39 62 40 67 6D 61 69 6C 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 CE C9 D8 36 53 AD EE 65 15 CF 77 E1 82 47 E3 79 1D E3 14 46 94 01 B0 04 F7 4F 67 A1 3D 4D 53 55 50 4C 41 2D 45 53 50 38 32 36 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]
Establishing  with: svr41.supla.org (port: 2016)
Connected to Supla Server
Send: [53 55 50 4C 41 10 05 00 00 00 45 00 00 00 C5 02 00 00 6B 61 6A 69 31 39 62 40 67 6D 61 69 6C 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 CE C9 D8 36 53 AD EE 65 15 CF 77 E1 82 47 E3 79 1D E3 14 46 94 01 B0 04 F7 4F 67 A1 3D 4D 53 55 50 4C 41 2D 45 53 50 38 32 36 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]
Establishing  with: svr41.supla.org (port: 2016)
Connected to Supla Server
Send: [53 55 50 4C 41 10 06 00 00 00 45 00 00 00 C5 02 00 00 6B 61 6A 69 31 39 62 40 67 6D 61 69 6C 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 CE C9 D8 36 53 AD EE 65 15 CF 77 E1 82 47 E3 79 1D E3 14 46 94 01 B0 04 F7 4F 67 A1 3D 4D 53 55 50 4C 41 2D 45 53 50 38 32 36 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]
Establishing  with: svr41.supla.org (port: 2016)
Connected to Supla Server
Send: [53 55 50 4C 41 10 07 00 00 00 45 00 00 00 C5 02 00 00 6B 61 6A 69 31 39 62 40 67 6D 61 69 6C 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 CE C9 D8 36 53 AD EE 65 15 CF 77 E1 82 47 E3 79 1D E3 14 46 94 01 B0 04 F7 4F 67 A1 3D 4D 53 55 50 4C 41 2D 45 53 50 38 32 36 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]
Establishing  with: svr41.supla.org (port: 2016)
Connected to Supla Server
Send: [53 55 50 4C 41 10 08 00 00 00 45 00 00 00 C5 02 00 00 6B 61 6A 69 31 39 62 40 67 6D 61 69 6C 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 CE C9 D8 36 53 AD EE 65 15 CF 77 E1 82 47 E3 79 1D E3 14 46 94 01 B0 04 F7 4F 67 A1 3D 4D 53 55 50 4C 41 2D 45 53 50 38 32 36 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]
Recv: [15 03 01 00 02 02 46 ]
sproto_pop_in_sdp error: 254
LAST STATE ADDED: Communication failure
Current status: [7] Communication failure
Establishing  with: svr41.supla.org (port: 2016)
Connected to Supla Server
LAST STATE ADDED: Register in progress
Current status: [10] Register in progress
Send: [53 55 50 4C 41 10 09 00 00 00 45 00 00 00 C5 02 00 00 6B 61 6A 69 31 39 62 40 67 6D 61 69 6C 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 CE C9 D8 36 53 AD EE 65 15 CF 77 E1 82 47 E3 79 1D E3 14 46 94 01 B0 04 F7 4F 67 A1 3D 4D 53 55 50 4C 41 2D 45 53 50 38 32 36 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]
Recv: [15 03 01 00 02 02 46 ]
sproto_pop_in_sdp error: 254
LAST STATE ADDED: Communication failure
Current status: [7] Communication failure
Establishing  with: svr41.supla.org (port: 2016)

i tak w kółko. Sam przykład bez wyłączania SSL działa dobrze. Samo wyłączenie SSL w swoich projektach esp bez suplowego webserwera działa poprawnie.
Awatar użytkownika
klew
Posty: 8184
Rejestracja: czw cze 27, 2019 12:16 pm
Lokalizacja: Wrocław

Adamo28 pisze: śr wrz 28, 2022 8:48 am Podłącze się pod temat z problemem, wybieram przykłada z biblioteki supli (biblioteka i menadżer płytek aktualne) WebInterface.ino, wstawiam w setup:
Wydaje mi się, że zepsułem tutaj wyłączanie szyfrowanego połączenia.
Poprawię to w następnym wydaniu bibliteki, ale chwilę trzeba będzie na to poczekać.
Dodałem issue na ten błąd: https://github.com/SUPLA/supla-device/issues/24
Widzimy się na Supla Offline Party vol. 2 :!:
ODPOWIEDZ

Wróć do „Arduino IDE”