ussl module: N00b help requested.

All ESP8266 boards running MicroPython.
Official boards are the Adafruit Huzzah and Feather boards.
Target audience: MicroPython users with an ESP8266 board.

Post by pythoncoder » Fri Aug 25, 2017 4:01 pm

[EDIT] I'm baffled by ussl and evidently lack a grasp of the practical concepts. Examples I've found of Python code using ssl fail on ussl because the parameters used aren't supported. If anyone can offer a simple example of using ussl I can try to adapt it to my MQTT problem. MQTT-specific help would be even more welcome ;)

I'm testing with the public MQTT broker at mosquitto.org which supports SSL. What changes do I need to make this test script use SSL? How do I then invoke mosquitto_sub? I've downloaded the certificate files mosquitto.org.der and mosquitto.org.pem - but how do I use them?

Code:

from umqtt.simple import MQTTClient
from utime import sleep

server = 'test.mosquitto.org'
# Plain TCP connection: ssl is off and no ssl_params are passed
c = MQTTClient('umqtt_client', server, ssl=False, ssl_params={})
c.connect()
try:
    # Publish a test message every 10 seconds
    while True:
        c.publish(b'foo_topic', b'hello')
        print('Publish')
        sleep(10)
finally:
    c.disconnect()

Testing with

Code:

mosquitto_sub -h test.mosquitto.org -t foo_topic
Peter Hinch
Index to my micropython libraries.

Post by rdagger » Sun Dec 10, 2017 8:04 pm

Did you get the SSL working with MQTT?

Post by pythoncoder » Mon Dec 11, 2017 6:01 am

I haven't had the chance to revisit this but there have been recent changes to SSL/TLS which should enable it to work. But read the caveats here http://docs.micropython.org/en/latest/e ... neral.html notably those at the end regarding certificates. Also I gather that initiating a TLS connection takes 25s on the ESP8266 because of the complexity of the encryption algorithm.

Post by Mike Teachman » Mon Dec 11, 2017 6:31 pm

TLS works with MQTT, tested with v1.9.3. Some example code at this GitHub repo shows how to enable TLS with MQTT.
https://github.com/MikeTeachman/micropy ... tt-esp8266

I observed that TLS uses about 9k bytes of heap space (!), about 1/4 of the heap for the ESP8266 port.

Here's the relevant code.

Code:

from umqtt.simple import MQTTClient

#
# connect to Thingspeak MQTT broker
# connection uses unsecure TCP (port 1883)
#
# Steps to change to a secure connection (encrypted) using TLS
#   a) change port below to "port=8883"
#   b) add parameter "ssl=True"
#   NOTE:  TLS uses about 9k bytes of the heap. That is a lot.
#          (about 1/4 of the micropython heap on the ESP8266 platform)
#
# myMqttClient (the MQTT client id) is defined elsewhere in the full example
thingspeakUrl = b"mqtt.thingspeak.com"
thingspeakUserId = b"USER_ID"          # EDIT - enter Thingspeak User ID
thingspeakMqttApiKey = b"MQTT_API_KEY" # EDIT - enter Thingspeak MQTT API Key
client = MQTTClient(client_id=myMqttClient,
                    server=thingspeakUrl,
                    user=thingspeakUserId,
                    password=thingspeakMqttApiKey,
                    port=1883)

Post by pythoncoder » Tue Dec 12, 2017 6:54 am

Good to know it now works. I think you'll find that the port arg is unnecessary as the MQTTClient constructor chooses the standard 1883/8883 ports depending on the value of ssl.

Did you experience 25 second connection times under TLS?

Post by Mike Teachman » Tue Dec 12, 2017 9:27 pm

pythoncoder wrote (Tue Dec 12, 2017 6:54 am):
> I think you'll find that the port arg is unnecessary as the MQTTClient constructor chooses the standard 1883/8883 ports depending on the value of ssl.

Thanks for this tip! I'll update the comments in the code example.

pythoncoder wrote (Tue Dec 12, 2017 6:54 am):
> Did you experience 25 second connection times under TLS?

It's hard to say as I wasn't paying much attention to connect times. I'll try out the example code again with/without TLS, to measure the performance difference. I'll report back when I get some results.

Post by Mike Teachman » Wed Dec 13, 2017 5:55 am

Here are some performance results with MQTT Connect and Publish, with and without TLS security. Thingspeak MQTT broker.

TLS Enabled (secure connection):
MQTT Connect: 1.8s to 2.1s
MQTT Publish: 10ms

no TLS (unsecured connection):
MQTT Connect: 0.4s
MQTT Publish: 3ms
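
An added sketch, not code from any poster in this thread: it reruns the first post's test script with and without `ssl=True` and records the connect time, publish time and heap cost discussed in the posts above. The names `make_client`, `measure` and `compare` are chosen here, and the `factory` parameter exists only so the logic can be exercised off-board with a stand-in client.

```python
import gc
try:                                    # MicroPython
    from utime import ticks_ms, ticks_diff
except ImportError:                     # CPython fallback for off-board testing
    import time
    def ticks_ms():
        return int(time.monotonic() * 1000)
    def ticks_diff(a, b):
        return a - b

def mem_free():
    # gc.mem_free() exists only on MicroPython; report 0 elsewhere
    return gc.mem_free() if hasattr(gc, "mem_free") else 0

def make_client(use_tls, server="test.mosquitto.org"):
    # Imported here so the measuring code also loads where umqtt is absent
    from umqtt.simple import MQTTClient
    # No port given: umqtt.simple picks 8883 when ssl is true, 1883 otherwise
    return MQTTClient("umqtt_client", server, ssl=use_tls, ssl_params={})

def measure(use_tls, factory=make_client, topic=b"foo_topic", msg=b"hello"):
    """Connect, publish once, disconnect; return timings and heap cost."""
    gc.collect()
    heap_before = mem_free()
    client = factory(use_tls)
    t0 = ticks_ms()
    client.connect()                    # includes the TLS handshake when use_tls
    connect_ms = ticks_diff(ticks_ms(), t0)
    heap_used = heap_before - mem_free()    # taken while the session is open
    try:
        t1 = ticks_ms()
        client.publish(topic, msg)
        publish_ms = ticks_diff(ticks_ms(), t1)
    finally:
        client.disconnect()             # always release the socket
    return {"tls": use_tls, "connect_ms": connect_ms,
            "publish_ms": publish_ms, "heap_used": heap_used}

def compare(factory=make_client):
    # Plain first, then TLS, so the two results can be read side by side
    return [measure(False, factory), measure(True, factory)]
```

On the board, `print(compare())` gives the two result dicts. With empty `ssl_params` no certificate file is handed to `ussl`, so treat `ssl=True` here as encryption of the link and consult the certificate caveats in the ESP8266 documentation linked earlier in the thread for what is verified about the broker.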

Post by pythoncoder » Thu Dec 14, 2017 9:17 am

Impressively quick :)