
Comments (5)

Eisbaeeer avatar Eisbaeeer commented on August 24, 2024

Ok, you are not able to replicate, because the access token is now blocked, because I posted it here. ;-)

from esp8266-iot-framework.

Eisbaeeer avatar Eisbaeeer commented on August 24, 2024

It seems that AES128 is deprecated. How can I set the framework to use one of these ciphers?
[Screenshot: SSL Server Test for www.facebook.com (Powered by Qualys SSL Labs)]


Eisbaeeer avatar Eisbaeeer commented on August 24, 2024

Now I tried to set the ciphers in fetch.cpp with the following ciphers. But if I set these ciphers, the fetch result is null.
I also tried to comment out the other things like "setInsecure, setSSLVersion" and so on. If I comment out setCiphers(), fetch to Google works fine, but fetch to graph.facebook.com runs into the error "The cipher AES128-SHA is not supported for TLSv1.2".
I tried some other ciphers, too, with the same result. Is there something else to set to get it running?

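```cpp
// Trust anchors used to validate the server certificate
httpsClient->setCertStore(&certStore);

// Offer only ECDHE (ephemeral) AES-128-GCM suites
std::vector<uint16_t> myCiphersList = { BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 };
httpsClient->setCiphers(myCiphersList);
// Turns certificate validation off, replacing the cert store set above
httpsClient->setInsecure();
// Pin minimum and maximum protocol version to TLS 1.2
httpsClient->setSSLVersion(BR_TLS12, BR_TLS12);
```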

Any idea or help?
Thank you!


Eisbaeeer avatar Eisbaeeer commented on August 24, 2024

Ok, the reason why it's broken:

Encryption
When connecting to our servers your client must use TLS and be able to verify a certificate signed using sha256WithRSAEncryption.

Graph API supports TLS 1.2 and 1.3 and non-static RSA cipher suites. We are currently deprecating support for older TLS versions and static RSA cipher suites. Version 16.0 no longer supports TLS versions older than 1.1 or static RSA cipher suites. This change will apply to all API versions on May 3, 2023.

Is there any chance to get it running?


maakbaas avatar maakbaas commented on August 24, 2024

Maybe it's no longer relevant, or you found another solution. I recognize this can be an issue, but I am not immediately sure if and how this can be solved with BearSSL. I think the function calls you mentioned to try to set ciphers or SSL version are also what I found when briefly looking into this.

There is the website https://www.howsmyssl.com/ which you can send requests to and which then returns the information from your TLS request.

At least in my case it is using TLS 1.2 and also seems to advertise some ciphers using SHA256, although I am not sure which one of these exactly maps onto the one Meta is requiring.

{
    "given_cipher_suites": [
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CCM",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_RSA_WITH_AES_128_CCM",
        "TLS_RSA_WITH_AES_256_CCM",
        "TLS_RSA_WITH_AES_128_CCM_8",
        "TLS_RSA_WITH_AES_256_CCM_8",
        "TLS_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
    ],
    "ephemeral_keys_supported": true,
    "session_ticket_supported": false,
    "tls_compression_supported": false,
    "unknown_cipher_suite_supported": false,
    "beast_vuln": false,
    "able_to_detect_n_minus_one_splitting": false,
    "insecure_cipher_suites": {},
    "tls_version": "TLS 1.2",
    "rating": "Probably Okay"
}

Now, if I set the cipher using `httpsClient->setCiphers({BR_TLS_RSA_WITH_AES_256_CBC_SHA});`, I get the following response, so at least this function is working.

{
    "given_cipher_suites": [
        "TLS_RSA_WITH_AES_256_CBC_SHA"
    ],
    "ephemeral_keys_supported": false,
    "session_ticket_supported": false,
    "tls_compression_supported": false,
    "unknown_cipher_suite_supported": false,
    "beast_vuln": false,
    "able_to_detect_n_minus_one_splitting": false,
    "insecure_cipher_suites": {},
    "tls_version": "TLS 1.2",
    "rating": "Improvable"
}

from esp8266-iot-framework.
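To check which suites in a howsmyssl response use the static RSA key exchange that the Graph API notice quoted in the thread says is being dropped, the suite names can be sorted by their key-exchange prefix. This is an added example, not part of the original comments or the framework's code; `classify`, `offeredSuites`, `audit` and the abridged sample body are assumptions made for illustration.

```cpp
// Added illustration; helper names are hypothetical, not from the framework.
#include <cstdio>
#include <string>
#include <vector>

enum class Kex { ECDHE, StaticECDH, StaticRSA, Unknown };
// The key exchange is the part of the IANA suite name before "_WITH_".
Kex classify(const std::string& suite) {
    auto starts = [&](const char* p) { return suite.rfind(p, 0) == 0; };
    if (starts("TLS_ECDHE_")) return Kex::ECDHE;       // ephemeral keys, forward secrecy
    if (starts("TLS_ECDH_"))  return Kex::StaticECDH;  // fixed ECDH key from the certificate
    if (starts("TLS_RSA_"))   return Kex::StaticRSA;   // secret encrypted to the server RSA key
    return Kex::Unknown;
}

// Collect every quoted "TLS_..." token from a howsmyssl-style JSON body.
std::vector<std::string> offeredSuites(const std::string& body) {
    std::vector<std::string> out;
    std::size_t pos = 0;
    while ((pos = body.find("\"TLS_", pos)) != std::string::npos) {
        std::size_t end = body.find('"', pos + 1);
        if (end == std::string::npos) break;  // truncated body: stop cleanly
        out.push_back(body.substr(pos + 1, end - pos - 1));
        pos = end + 1;
    }
    return out;
}
struct Report { int ecdhe = 0, staticEcdh = 0, staticRsa = 0, unknown = 0; };
Report audit(const std::string& body) {
    Report r;
    for (const auto& s : offeredSuites(body)) {
        Kex k = classify(s);
        if (k == Kex::ECDHE) ++r.ecdhe;
        else if (k == Kex::StaticECDH) ++r.staticEcdh;
        else if (k == Kex::StaticRSA) ++r.staticRsa;
        else ++r.unknown;
    }
    return r;
}

// Constructed sample: abridged, in the shape of the responses quoted in the thread.
const std::string kSample = R"({"given_cipher_suites": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
  "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"], "tls_version": "TLS 1.2"})";

int main() {
    Report r = audit(kSample);
    std::printf("ECDHE=%d staticECDH=%d staticRSA=%d\n", r.ecdhe, r.staticEcdh, r.staticRsa);
}
```

The error quoted earlier in the thread names AES128-SHA, which is OpenSSL's name for TLS_RSA_WITH_AES_128_CBC_SHA; this classification places it in the static RSA group.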
