gbridge.io + new version FW 6.6 with TLS support #6042
When using Letsencrypt, the cipher BR_TLS_RSA_WITH_AES_128_GCM_SHA256 is rejected by the server because it is considered not secure enough. You can check with the following command:
What you need is a hybrid between the current version and the AWS IoT version that uses BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. It should work as shown with the following command:
I'll add it as an option, but I'm lacking time right now.
It seems to me the problem is that I am building the binary file incorrectly! Besides uncommenting two lines in my_user_config, is it necessary to do anything else?
I did not understand where I need to write this command?
You can run this command on any machine to check the server certificates. But you don't need to. Can you try to compile from this commit? s-hadinger@edc898f And uncomment:
I already made it!
I work in Windows 10 and VSCode PlatformIO
Perhaps the problem is only on my side? Maybe someone else can check the connection with gbridge.io
I double-checked, and I was mistaken. It is not a TLS problem. Actually the TLS connection completes normally. It is when MQTT connection is started that there is an issue. Maybe a user/password issue or Retained messages unsupported.
Just forget everything I said above, and check your MQTT parameters.
It seems to me the problem is in the certificate. On Android, the client (Virtuino MQTT) connected to gbridge.io successfully only after I specified the certificate file downloaded at this link
I've had to enable the private key support, too: development...s-hadinger:tls_force_ec#diff-abb73cfd1f384bb284b47c0788a61e8eR857 @ilya89vet. For me it connects to my mqtt broker successfully.
I tried again, and in both cases I saw the TLS connection working: with or without forcing EC (Elliptic Curve). @ilya89vet your problem is in the MQTT layer, not the TLS layer. @timbru31 what mqtt broker are you using? Is it useful to merge "Force EC" into development? I'm still not sure this option is of any use.
@s-hadinger I'm using mosquitto on my Raspberry Pi. Since it's in my local network only I'm also my own CA. For me it's useful :) - and with 6.6 it was the only way to connect, with fingerprint and no CA verification I had a lot of crashes (like esp8266/Arduino#6232)
@timbru31 You don't have crashes anymore with this version? s-hadinger/Tasmota@edc898f I've had devices connecting to AWS IoT (TLS EC with Private Key) and did not observe a single crash in days.
Correct. (I've made the changes locally myself with the addition of the EC Private Key enabled, too, as stated above. But I'm not 100% sure if this was needed). My test device is running >2 days now with no restart/crash.
Fix Force Elliptic Curve for Letsencrypt TLS #6042
TLS support appeared in version 6.6, and I want to connect directly to gbridge.io to control the devices by means of Google Assistant.
I compiled the new version 6.6 with both options uncommented:
#define USE_MQTT_TLS and #define USE_MQTT_TLS_CA_CERT
Afterwards I tried to connect to MQTT at gbridge.io, but the device gives an error message "MQT: TLS connection error: 0"
What am I doing wrong?
Also, if I enabled TLS when building the binary file, can I no longer use the usual unprotected MQTT connection?