HTTPS Server Cipher Suite
Posted: Tue Mar 29, 2022 11:18 am
Hello!
For my current project I am developing an HTTPS Server that runs on the ESP32-S2. It shall be used by a mobile Application.
One of the requirements is that the Cipher Suite that shall be used will be ECDHE_RSA_AES128_SHA256.
From my understanding, I can simply implement the HTTPS Server as it is done in this example:
https://github.com/espressif/esp-idf/bl ... ain/main.c
In order to enable TLS Security (in general) I set the
Code:
.transport_mode = HTTPD_SSL_TRANSPORT_SECURE
However there seems to be no further configuration field to limit the supported Cipher Suite of my Server.
How do I do that?
I can configure mbedTLS via kconfig / MenuConfig as described here:
https://docs.espressif.com/projects/esp ... onfig.html
But I have some questions about it:
1 - "CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA"
Does this mean that the key exchange is done using ECDHE and the Authentication is done with RSA?
2 - Do I have to disable all the other unwanted key exchange methods if I want to limit the available cipher suites?
3 - If the key exchange / authentication is set as described in 1 and 2, how do I set the other two parts of the cipher suite (encryption algorithm as AES128 and hashing algorithm as SHA256)?
4 - If I do the limiting of the cipher suite as described above, via the config, this will then also affect the HTTPS Client that I will be implementing, right? So I will not be able to send requests as a client while utilizing another Cipher Suite. Correct?
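Added example, not part of the original post and not ESP-IDF or mbedTLS code: a small parser that splits TLS 1.2 suite names into the four parts the questions above ask about and lists which registered suites satisfy "ECDHE_RSA_AES128_SHA256". The suite IDs are IANA registry values; the selection of candidates and the function names are constructed for the example.

```python
import re

# IANA TLS 1.2 registry values; this particular selection is constructed for
# the example and is not the suite list of any specific mbedTLS build.
SUITES = {
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC023: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    0xC027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def parse_suite(name):
    """Split a TLS 1.2 suite name into key exchange, auth, cipher and hash."""
    m = re.fullmatch(r"TLS_(.+)_WITH_(.+)_(SHA\d*)", name)
    if m is None:
        raise ValueError(f"unrecognised suite name: {name!r}")
    kx_auth, cipher, digest = m.groups()
    # "ECDHE_RSA": ephemeral ECDH key exchange, signed with the server's RSA key.
    # A bare "RSA" is RSA key transport, where one key does both jobs.
    kx, _, auth = kx_auth.partition("_")
    aead = cipher.endswith(("GCM", "POLY1305"))
    return {
        "kx": kx,
        "auth": auth or kx,
        "cipher": cipher,
        "hash": digest,
        # In AEAD suites the hash only drives the PRF; in CBC suites it is
        # also the record HMAC.
        "hash_role": "PRF" if aead else "HMAC",
    }

def select(suites, kx, auth, cipher_prefix, digest):
    """Return (id, name, hash_role) for every suite meeting the requirement."""
    hits = []
    for suite_id, name in sorted(suites.items()):
        p = parse_suite(name)
        if (p["kx"], p["auth"], p["hash"]) == (kx, auth, digest) \
                and p["cipher"].startswith(cipher_prefix + "_"):
            hits.append((suite_id, name, p["hash_role"]))
    return hits

def allowed_for_requirement():
    # The post's requirement, "ECDHE_RSA_AES128_SHA256", names no cipher mode.
    return select(SUITES, "ECDHE", "RSA", "AES_128", "SHA256")

if __name__ == "__main__":
    for suite_id, name, role in allowed_for_requirement():
        print(f"0x{suite_id:04X}  {name}  (SHA256 used as {role})")
```

Two suites match, one CBC with HMAC-SHA256 and one GCM, so the requirement has to state the cipher mode before a single suite can be pinned.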