esp-idf/examples/protocols/https_mbedtls

Supported Targets: ESP32, ESP32-C2, ESP32-C3, ESP32-C6, ESP32-H2, ESP32-S2, ESP32-S3, Linux

HTTP server with TLS support using mbedTLS

(See the README.md file in the upper level 'examples' directory for more information about examples.)

A simple HTTPS example that uses mbedTLS to establish a secure socket connection, verifying the peer against the certificate bundle with two custom certificates added.

How to use example

Hardware Required

  • A development board with ESP32/ESP32-S2/ESP32-C3 SoC (e.g., ESP32-DevKitC, ESP-WROVER-KIT, etc.)
  • A USB cable for power supply and programming

Configure the project

idf.py menuconfig
  • Open the project configuration menu (idf.py menuconfig) to configure Wi-Fi or Ethernet. See the "Establishing Wi-Fi or Ethernet Connection" section in examples/protocols/README.md for more details.

Build and Flash

Build the project and flash it to the board, then run the monitor tool to view the serial output:

idf.py -p PORT flash monitor

(Replace PORT with the name of the serial port to use.)

(To exit the serial monitor, type Ctrl-].)

See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.

Example Output

I (9599) example_connect: - IPv4 address: 192.168.194.219
I (9599) example_connect: - IPv6 address: fe80:0000:0000:0000:266f:28ff:fe80:2c74, type: ESP_IP6_ADDR_IS_LINK_LOCAL
I (9609) example: Seeding the random number generator
I (9619) example: Attaching the certificate bundle...
I (9619) example: Setting hostname for TLS session...
I (9629) example: Setting up the SSL/TLS structure...
I (9639) example: Connecting to www.howsmyssl.com:443...
I (10109) example: Connected.
I (10109) example: Performing the SSL/TLS handshake...
I (10789) esp-x509-crt-bundle: Certificate validated
I (15019) example: Verifying peer X.509 certificate...
I (15019) example: Certificate verified.
I (15019) example: Cipher suite is TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
I (15029) example: Writing HTTP request...
I (15039) example: 106 bytes written
I (15039) example: Reading HTTP response...
HTTP/1.0 200 OK
Content-Length: 2091
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Wed, 08 Sep 2021 09:28:59 GMT
Strict-Transport-Security: max-age=631138519; includeSubdomains; preload

{"given_cipher_suites":["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CCM","TLS_DHE_RSA_WITH_AES_256_CCM","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8","TLS_DHE_RSA_WITH_AES_256_CCM_8","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CCM","TLS_DHE_RSA_WITH_AES_128_CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8","TLS_DHE_RSA_WITH_AES_128_CCM_8","TLS_RSA_WITH_AES_256_GCM_SHA384","TLS_RSA_WITH_AES_256_CCM","TLS_RSA_WITH_AES_256_CBC_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_256_CCM_8","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_128_CCM","TLS_RSA_WITH_AES_128_CBC_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_128_CCM_8","TLS_EMPTY_RENEGOTIATION_INFO_SCSV"],"ephemeral_keys_supported":true,"session_ticket_supported":true,"tls_compression_supported":false,"unknown_cipher_suite_supported":false,"beast_vuln":false,"able_to_detect_n_minus_one_spl
itting":false,"insecure_cipher_suites":{},"tls_version":"TLS 1.2","rating":"Probably Okay"}
I (15829) example: Completed 1 requests
Minimum free heap size: 189136 bytes
I (15839) example: 10...
I (16839) example: 9...
I (17839) example: 8...
I (18839) example: 7...
I (19839) example: 6...
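
A captured monitor log like the one above can be checked automatically for the properties that matter: the peer certificate was verified before any request was written, the negotiated cipher suite gives forward secrecy with an AEAD cipher, and the howsmyssl report shows no weaknesses. The following is an added example, not part of the ESP-IDF project or its pytest script; the function name audit_tls_log and the abridged sample log are assumptions constructed from the output shown above.

```python
import json
import re

# Abridged from the example output above; the JSON body is shortened (constructed).
SAMPLE_LOG = """\
I (9639) example: Connecting to www.howsmyssl.com:443...
I (10109) example: Performing the SSL/TLS handshake...
I (10789) esp-x509-crt-bundle: Certificate validated
I (15019) example: Certificate verified.
I (15019) example: Cipher suite is TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
I (15029) example: Writing HTTP request...
{"ephemeral_keys_supported":true,"tls_compression_supported":false,"beast_vuln":false,"insecure_cipher_suites":{},"tls_version":"TLS 1.2","rating":"Probably Okay"}
I (15829) example: Completed 1 requests
"""

LOG_LINE = re.compile(r"^[IWE] \((\d+)\) ([\w-]+): (.*)$")
# TLS 1.3 suites (mbedTLS prefix "TLS1-3-") are always ephemeral + AEAD.
STRONG_SUITE = re.compile(r"TLS1-3-|TLS-(ECDHE|DHE)-.*-(GCM|CCM|CHACHA20-POLY1305)")

def audit_tls_log(text):
    """Return a list of findings; an empty list means every check passed."""
    findings, events, report = [], {}, None
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            events.setdefault(m.group(3), int(m.group(1)))  # first timestamp per message
        elif line.startswith("{"):
            try:
                report = json.loads(line)
            except json.JSONDecodeError:
                findings.append("howsmyssl JSON body is truncated or split")
    verified = events.get("Certificate verified.")
    written = events.get("Writing HTTP request...")
    if verified is None:
        findings.append("no 'Certificate verified.' line: peer was not authenticated")
    elif written is not None and written < verified:
        findings.append("HTTP request written before certificate verification")
    suite = next((k.split(" is ", 1)[1] for k in events if k.startswith("Cipher suite is ")), "")
    if not STRONG_SUITE.match(suite):
        findings.append(f"cipher suite lacks forward secrecy or AEAD: {suite or 'none logged'}")
    if report is not None:
        if report.get("insecure_cipher_suites"):
            findings.append("client offered insecure cipher suites")
        if report.get("tls_compression_supported") or report.get("beast_vuln"):
            findings.append("TLS compression or BEAST exposure reported")
        if report.get("rating") == "Bad":
            findings.append("howsmyssl rating is Bad")
    return findings
```

A JSON body that the serial monitor wraps across two lines, as in the output above, is reported as a finding rather than silently skipped, so the report checks are never assumed to have passed.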