File tree 3 files changed +13
-12
lines changed
3 files changed +13
-12
lines changed Original file line number Diff line number Diff line change @@ -193,11 +193,12 @@ BearSSL does verify the notValidBefore/After fields.
193193 fetchURL (&client, host, port, path);
194194}
195195
196- void fetchAxTLS () {
196+ void fetchFaster () {
197197 Serial.printf (R"EOF(
198198The ciphers used to set up the SSL connection can be configured to
199- be the same as axTLS. They are faster, but less secure, so if you care
200- about security you won't want to do this.
199+ only support faster but less secure ciphers. If you care about security
200+ you won't want to do this. If you need to maximize battery life, these
201+ may make sense
201202)EOF"
202203 BearSSL::WiFiClientSecure client;
203204 client.setInsecure ();
@@ -206,10 +207,10 @@ about security you won't want to do this.
206207 uint32_t delta = millis () - now;
207208 now = millis ();
208209 client.setInsecure ();
209- client.setAxTLSCiphers ();
210+ client.setCiphersLessSecure ();
210211 fetchURL (&client, host, port, path);
211212 uint32_t delta2 = millis () - now;
212- Serial.printf (" Using more secure: %dms\n Usiing axTLS ciphers: %dms\n "
213+ Serial.printf (" Using more secure: %dms\n Using less secure ciphers: %dms\n "
213214}
214215
215216void setup () {
@@ -239,7 +240,7 @@ void setup() {
239240 fetchSelfSigned ();
240241 fetchKnownKey ();
241242 fetchCertAuthority ();
242- fetchAxTLS ();
243+ fetchFaster ();
243244}
244245
245246
Original file line number Diff line number Diff line change @@ -687,8 +687,8 @@ extern "C" {
687687 BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA
688688 };
689689
690- // For apps which want to use less secure but faster axTLS ciphers, only
691- static const uint16_t axtls_suites_P [] PROGMEM = {
690+ // For apps which want to use less secure but faster ciphers, only
691+ static const uint16_t faster_suites_P [] PROGMEM = {
692692 BR_TLS_RSA_WITH_AES_256_CBC_SHA256,
693693 BR_TLS_RSA_WITH_AES_128_CBC_SHA256,
694694 BR_TLS_RSA_WITH_AES_256_CBC_SHA,
@@ -735,10 +735,10 @@ extern "C" {
735735
736736}
737737
738- // Set the AXTLS ciphers as the only ones allowed
739- void WiFiClientSecure::setAxTLSCiphers ()
738+ // Set the faster ciphers as the only ones allowed
739+ void WiFiClientSecure::setCiphersLessSecure ()
740740{
741- setCiphers (axtls_suites_P , sizeof (axtls_suites_P )/sizeof (axtls_suites_P [0 ]));
741+ setCiphers (faster_suites_P , sizeof (faster_suites_P )/sizeof (faster_suites_P [0 ]));
742742}
743743
744744// Installs the appropriate X509 cert validation method for a client connection
Original file line number Diff line number Diff line change @@ -107,7 +107,7 @@ class WiFiClientSecure : public WiFiClient {
107107 // Select specific ciphers (i.e. optimize for speed over security)
108108 // These may be in PROGMEM or RAM, either will run properly
109109 void setCiphers (const uint16_t *cipherAry, int cipherCount) { _cipher_list = cipherAry; _cipher_cnt = cipherCount; }
110- void setAxTLSCiphers (); // Only use the limited set of axTLS ciphers
110+ void setCiphersLessSecure (); // Only use the limited set of RSA ciphers without EC
111111
112112 // Check for Maximum Fragment Length support for given len
113113 static bool probeMaxFragmentLength (IPAddress ip, uint16_t port, uint16_t len);
You can’t perform that action at this time.
0 commit comments