OTA over SSL
Posted: Tue Jan 17, 2017 3:58 pm
Is there a way to do an over the air update via SSL?
Open Community Forum for ESP8266, Come share Arduino and IoT (Internet of Things)
https://www.esp8266.com/
Do you control the server which is serving OTA updates? Can you possibly enable TLS fragment size negotiation extension on the server side? Your code is crashing because it is running out of RAM. Sadly axTLS is not robust enough to bail out gracefully in an OOM condition. Reducing TLS fragment size can help reduce RAM requirements significantly.
I know that nginx has an option to enable fragment length negotiation, known as ssl_buffer_size:
http://nginx.org/en/docs/http/ngx_http_ ... uffer_size
So if Tomcat doesn't support this TLS extension, you may set up an nginx proxy to do TLS termination and forward requests to your Tomcat server.
Default TLS buffer size is 16K bytes, so it does eat up a considerable chunk of RAM on the ESP8266, and combined with handshake data this leaves next to nothing for the rest of the application.
On the ESP8266 core side of things, we have a patch to support fragment length negotiation as well (https://github.com/igrr/axtls-8266/comm ... 66678c5808), but it is not integrated into the Arduino core yet. I'll try to find some time to expose fragment length negotiation to WiFiClientSecure.
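The nginx setup described in the reply above, written out as an added example (this is not configuration from the post, from nginx, or from the ESP8266 Arduino project). It assumes Tomcat is listening on 127.0.0.1:8080 (the default HTTP connector port), and the hostname, certificate and key paths are placeholders to be replaced with your own:

```nginx
# Added example: nginx as a TLS-terminating reverse proxy in front of Tomcat,
# with the TLS send buffer reduced so that an axTLS client on an ESP8266 needs
# far less RAM per connection than the 16k default would require.
# Assumptions: Tomcat on 127.0.0.1:8080; hostname and cert/key paths are placeholders.

server {
    listen 443 ssl;
    server_name ota.example.com;                                # placeholder hostname

    ssl_certificate     /etc/nginx/certs/ota.example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/certs/ota.example.com.key;   # placeholder path

    # ssl_buffer_size 16k;   <- nginx default: each TLS record can be 16 KiB,
    #                           which is too much for the ESP8266's free heap.
    # 4k keeps every record small; smaller values save more client RAM at the
    # cost of more records (and more per-record overhead) per firmware image.
    ssl_buffer_size 4k;

    location / {
        # Plain HTTP to Tomcat on the loopback interface; TLS ends here.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Run `nginx -t` before reloading to catch syntax errors, then point the device's OTA URL at the nginx host instead of Tomcat directly. Keeping Tomcat bound to loopback means the firmware is only reachable through the TLS front end.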