Go Down

Topic: Ethernet Shield & HTTPS (Read 8221 times) previous topic - next topic

gport

Hi All,

So have been experimenting quite happily with my ethernet shield.....however have come across a small problem.

I'm trying to send a 'get' request to a 'HTTPS' page....

Set the port to 443 instead of 80:

  Client client(server, 443);

and add the request:

  client.println("GET /secure/rx_test.asp?d=1 HTTP/1.1");


This connects fine and returns 'connected', however nothing else...it just sits there. I'm presuming its waiting for a response to a challenge or something?

I've tried the IP/URL in a browser and all as expected so the URL is good and I've tried other HTTP URLs and are all fine.

Unfortunately, I do not have any control over the HTTPS server side settings (except scripting) though I see sites such Pachube manage/advertise HTTPS? So it must be possible?

Any pointers/help would be much appreciated...

Thanks,

GS

pluggy

#1
May 09, 2010, 06:02 pm Last Edit: May 09, 2010, 06:04 pm by stephen_t Reason: 1
It won't work with https sites, the arduino libraries don't support encryption, probably because of the severe lack of resources on the arduino.  You can use Pachube without encryption, which is how the arduino setups do it.  
http://pluggy.is-a-geek.com/index.html

gport

Thanks for the info....was hoping it would at least 'call' the URL so it would trigger a script - not too bothered about a response.

Ah well.....back to the drawing board.

Thanks again,

GS

evilx

#3
May 09, 2010, 11:25 pm Last Edit: May 09, 2010, 11:43 pm by evilx Reason: 1
If you are looking for a semi/decent secure way to send/receive data, and since you can't use SSL. I would look into having your webpage return the data in a xOR cipher ( http://en.wikipedia.org/wiki/XOR_cipher ), and have your arduino programmed with the key, and your page also with the key. I am not sure how long it would take to encrypt/decrypt the data on the arduino, but never hurts to give it a shot.

Here what I was thinking...
You can use a standard http access and pass it message encrypted with xor asking for a key to be used, which will generated a random key encrypted with the xor cipher on the server ( so the trigger cant be accessed by anyone ) ¬†and send back to the arduino. Then you can pass along your trigger command encrypted with this new key.  This way the key are never known, except on the arduino and server.

Go Up