[ANN] Upgrade to axTLS 2.1.3 ("ussl" module improvements)

pfalcon
Posts: 1155
Joined: Fri Feb 28, 2014 2:05 pm

Post by pfalcon » Tue Jun 13, 2017 10:57 pm

The latest git master (and thus daily builds from tomorrow) contains an upgrade of the TLS library, axTLS, to version 2.1.3 (the latest).

Important things enabled by this upgrade:
  • TLS 1.2 support. 1.2 is the current version of the TLS standard. As previous versions are known to have issues and vulnerabilities, some sites aggressively disable old versions.
  • SNI (Server Name Indication) support (the server_hostname parameter to the ussl.wrap_socket() call). This is a feature required to access virtual SSL hosts hosted on the same physical server (which is pretty common).
Things improved:
  • Given the tendency of growing certificate sizes, the TLS record buffer was grown to 5K from 4K. This should allow establishing connections with many more SSL sites - of course, at the expense of memory available to your application for anything else.
What still didn't change:
  • Not possible to stream SSL data (e.g. to download large files over SSL).
  • No server certificate verification
  • No client certificate support
Overall, these should be big improvements for the intended SSL use cases on ESP8266, where you connect to a "cloud" which forces SSL usage to exchange short API messages. However, the old rule of thumb still holds: if you can avoid SSL usage, avoid it.

Feel free to share your experiences with the new version of the module here.
Awesome MicroPython list
Pycopy - A better MicroPython https://github.com/pfalcon/micropython
MicroPython standard library for all ports and forks - https://github.com/pfalcon/micropython-lib
More up to date docs - http://pycopy.readthedocs.io/
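
What the SNI bullet in the post above means on the wire, as an added example that is not part of the original post and is not axTLS or MicroPython code: it encodes the server_name extension (RFC 6066) a client sends in its ClientHello and shows a server picking a virtual host's certificate from it. It runs on desktop Python; the host names, certificate labels and function names are constructed for illustration.

```python
import struct

def build_sni_extension(hostname):
    """Encode the server_name extension (RFC 6066) carried in a ClientHello."""
    name = hostname.encode("ascii")
    entry = struct.pack("!BH", 0, len(name)) + name        # name_type 0 = host_name
    name_list = struct.pack("!H", len(entry)) + entry      # ServerNameList
    return struct.pack("!HH", 0, len(name_list)) + name_list  # extension type 0

def parse_sni(extensions):
    """Walk a ClientHello extensions block; return the SNI host name or None."""
    pos = 0
    while pos + 4 <= len(extensions):
        ext_type, ext_len = struct.unpack_from("!HH", extensions, pos)
        body = extensions[pos + 4:pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension")
        pos += 4 + ext_len
        if ext_type != 0:
            continue                      # some other extension, skip it
        if ext_len < 5:
            raise ValueError("malformed server_name extension")
        _list_len, name_type, name_len = struct.unpack_from("!HBH", body, 0)
        if name_type != 0 or 5 + name_len > ext_len:
            raise ValueError("malformed server_name entry")
        return body[5:5 + name_len].decode("ascii")
    return None                           # the client sent no server_name

def select_certificate(extensions, vhosts, default):
    """Server side: choose the certificate for the requested virtual host."""
    return vhosts.get(parse_sni(extensions), default)

# Constructed sample data: two TLS sites on one IP address, plus one unrelated
# extension (signature_algorithms, type 13) placed ahead of the SNI extension.
VHOSTS = {"api.example.com": "cert-api", "www.example.com": "cert-www"}
DEFAULT_CERT = "cert-www"
OTHER_EXT = struct.pack("!HH", 13, 4) + b"\x00\x02\x04\x01"

if __name__ == "__main__":
    with_sni = OTHER_EXT + build_sni_extension("api.example.com")
    print(select_certificate(with_sni, VHOSTS, DEFAULT_CERT))
    print(select_certificate(OTHER_EXT, VHOSTS, DEFAULT_CERT))
```

A client that sends no server_name is handed the default site's certificate, which is why SNI is needed to reach the other virtual hosts on a shared server. The host name travels unencrypted in the ClientHello.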

pfalcon
Posts: 1155
Joined: Fri Feb 28, 2014 2:05 pm

Re: [ANN] Upgrade to axTLS 2.1.3 ("ussl" module improvements)

Post by pfalcon » Thu Jun 15, 2017 10:46 pm

1.9.2 will be released in a month at the earliest; we are only starting to land features which still need to be tested well.
