Fletch and TLS

[Robert Åkerblom-Andersson]

Hi,

Looking at the documentation for the http library for Fletch I could not find much about SSL/TLS connections (https). 

This leads me to my question, considering the platforms Fletch is aiming for, is the plan to only support normal http and not https? Because of the extra computation required for encryption on a small device, or is that not the case. Encryption could also effect battery life of course.

I'm not expecting anything to work now, I know Fletch is under heavy development, I'm just thinking more in general if not supporting https is a deliberate decision because of the devices Fletch is targeting or if the devices targeted by Fletch in fact can handle https just fine. While I can image the Raspberry Pi 2 can handle https quite well I'm not as certain how well it would work on the STM32F746NGH6 microcontroller for example, and/or if that is the lowest spec MCU Fletch is going for or not. On that subject, one could potentially use the encryption capability as a general rule of thumb on how low spec MCUs to support maybe. 

The reason for this is of course that in most IoT systems there will be some sort of back end somewhere on the internet to store and view the data, for any data of value I would suggest that connection should be encrypted. Websockets also work a lot better over https, websockets over http have a tendency to not work as well over the Internet (because of all old proxies etc on the internet that are not built to support websockets, the https tunnel protects the websocket communication from all the old gear). And then we of course have the http2 as well that require https, there are lots of options to create a back end supporting http2 today (Ngixn, Jetty, Go, etc). 

So, is https something that a Fletch device could handle directly without the user having to create a complex setup with encryption gateways in between the Internet and the IoT devices? I assume the answer today is no, but I'm more interested in the answer for a future Fletch 1.0 release (or similar).

Best Regards, Robert

[Rico Wind]

Hey Robert,

We are actively investigating how to interface with mbed tls from fletch. If you are happy using just their default functions for entropy and others you can do it using just ffi today. The out of the box shared library that they build is a little big, but you can tweak it in the config file.

Cheers
Rico

--
You received this message because you are subscribed to the Google Groups "Fletch Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fletch-discus...@googlegroups.com.
To post to this group, send email to fletch-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/fletch-discuss/71330a2e-577f-4b58-8941-e34209612e60%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Robert Åkerblom-Andersson]

Hi Rico,

Okay that sounds interesting, I did not know about the mbed library before, it indeed looks promising. I think it would be great if you guys could find a way to integrate it into the fletch libraries. 

Cheers, Robert