TLS 1.3 DNS over Https

Greetings,

Recently there is a lot of chatter about TLS 1.3 and DoH, mentioning that in two to three years, if your system doesn't support 1.3 you'll be left high and dry

I have a couple of Arduinos reaching out to the web for data.

What will happen there? Someone mentioned that Arduino didn't have the oomph to handle security algorithms...

Not a huge hurry, but I might consider switching to a more powerful platform for my next projects...

Cheers...

I have a couple of Arduinos reaching out to the web for data.

You might consider using a more powerful system as proxy for your projects. This makes sense for other reasons too.

Not a huge hurry, but I might consider switching to a more powerful platform for my next projects...

Arduinos shouldn't access the Internet directly. From a security point of view this is a no-go.

pylon:
You might consider using a more powerful system as proxy for your projects. This makes sense for other reasons too.

Arduinos shouldn't access the Internet directly. From a security point of view this is a no-go.

Thanks Pylon.

Could you please elaborate? I'm kinda new in this stuff.

I do currently have a Linux box, which interacts with the outside world (Universal Devices Polisy (polisy with S)).

The Arduino is currently sending Emails (SMTP2Go), is accessing a WeatherLink API and runs a LAN based web-server (with intention of a DDNS, so I can access data remotely).

Cheers;

Embedded devices like the Arduinos are usually don't get the updates a PC or server gets. Nobody with a clear mind will have a server connected to the Internet that wasn't updated for a year or so but many (or even most) embedded devices run for years without ever seeing a (security) software update. That's why you should never connect them directly to the Internet but always over a machine in between and that machine should be updated regularly.

A simple email forwarding server on the Linux box plus a small web service that gets the weather data and provides it to the Arduino and you successfully isolated the vulnerable device from the bad guys.