STM32 SMTP testing, and SSL TLS support

    • #9164
      ps2chiper

        Hi, I saw three lines of code mentioning stm32 in EMailSender.h, mentioning support for the stm32 built-in ethernet. I have an stm32f103 blue pill with the option of using an ethernet w5100 or enc28j60. I already know it will work with plain authentication on sendgrid, but could it work with TLS or SSL authentication on other email servers?

      • #9165
        Renzo Mischianti
        Keymaster

          Hi ps2chiper,

          I think the secure client is not supported by the device, so it isn’t possible to manage SSL/TLS encryption.

          But I’m not sure; if I have some time I will try to go deeper into that.

          Bye Renzo

           

          • #9172
            ps2chiper

              Thank you for the quick reply. How is secure client managed on the ESP8266? If I imagine correctly, it would be at the hardware level. But I believe stm32 can support encryption at the software level since I have seen ssl web clients written for stm32duino.

              I’m just wondering if it would be possible to use something like OPEnSLab-OSU/SSLClient for encryption?

          • #9174
            Renzo Mischianti
            Keymaster

              It’s true, my response wasn’t exhaustive, sorry, but I only have a mobile device with me 😅.

              STM32 has sufficient resources, but the w5100 or a lower device like the enc28j60 (with a small buffer) can’t use SSL encryption.

              You can get that result with some specialized or more powerful ethernet device (but check the price 🥶 and do some evaluations).

              But even with these devices you must do some additional work. For the Adafruit ethernet device (second link) you will probably have to make some changes to the library to preserve resources. Or, to support the PHPoC Shield, you must change a library like EMailSender 😉 to support the device.

              For example, I recovered an Arduino MKR WiFi 1010 to add support in the EMailSender library, because it uses a different WiFi library and I had to make some changes.

              But if you find a more/different/light implementation of SSL, or more information, write here and we will check it out together.

              Bye Renzo

               

            • #9176
              ps2chiper

                Thank you again, you are far more familiar than I am with the requirements on the hardware. What made me think it was possible was this project https://github.com/khoih-prog/EthernetWebServer_SSL_STM32 and several others I have seen pop up supporting SSL and TLS for more powerful microcontrollers.

              • #9181
                Renzo Mischianti
                Keymaster

                  Hi ps2chiper,

                  It’s probably possible. I have an STM32 and various ethernet shields, and I will start trying next week.

                  Bye Renzo

                  • #9216
                    ps2chiper

                      Thanks Renzo, I have two goals for your email sender library. The first is to be able to send secure emails using either an esp8266 or esp32 over ethernet using the EthernetLarge or EthernetENC libraries that were developed with larger buffers. The second and less important issue is secure email over stm32; I was just wondering if it was possible because of the increased performance over avr. I was reading that it is mandatory to run esp8266 at 160mhz because the TLS is handled at a software level. Probably a cheap blue pill at 72mhz is too weak to handle software TLS effectively.

                      Perhaps higher end stm32 devices can handle it at a software level, but they cost more. I did read that the next round of esp32-wroom-32se devices will have an IC to handle hardware TLS 1.2. They are using an ATECC608A IC to accomplish this on the I2c bus. The BearSSL library supports ATECC608A and made me wonder if a cheap stm32 blue pill could use an ATECC608A as well?

                      What it comes down to are the trade-offs. The lack of gpio pins on the esp* devices forces me to take advantage of the i2c and spi buses to drive devices. Or I could use a more pin-friendly stm32 device, but it may not be able to handle secure connections at all.

                      Since I am a novice at programming, I have to rely on developed libraries that have interoperability between MCUs.

                      That is why I am so grateful for people like you!

                    • #17630
                      ps2chiper

                        I was able to send an email using an STM32F401CC and W5500 ethernet. I used SSLClient to make it work. For now I wrote out my own simple email client to serve as a proof of concept. You are correct about the Bluepill not having enough ram. SSLClient needs 32KB of ram to run in Bidirectional mode to support an SMTP connection. I am happy I was able to make it work; it only took me another two computer science classes.

                         

                      • #17633
                        Renzo Mischianti
                        Keymaster

                          Hi ps2,
                          fantastic, can you share your code to integrate into the library?
                          Bye Renzo

                        • #17634
                          ps2chiper

                            I am working on my own library in cpp. However, here is a proof of concept I posted using a couple of simple arduino sketches I mashed together.

                            https://github.com/OPEnSLab-OSU/SSLClient/issues/19

                            I still want to experiment using lwip on STM32 ethernet, but very few STM32 devices support native ethernet. Luckily, I do have one STM32F407VG and lan8720a adapter to test with.

                            As the world is turning right now, it seems the Pi Pico is the new Arduino and this solution would work perfectly for that microcontroller. I would also like to say that this solution would also work for an ESP32, if they did not want to use a lan8720a. The ESP32 devices with native ethernet have a limited number of pins. Another thing to consider is it is hard to find ESP32’s with native ethernet. It may just be easier to use the ESP32 without the WiFi and use SSLClient for ethernet.

                             

                             

                          • #17650
                            Renzo Mischianti
                            Keymaster

                              Very interesting,
                              probably I’m going to test SSLClient to implement TLS for WiFi also.
                              Keep in touch Renzo

                            • #17652
                              ps2chiper

                                I was able to get it to work on my Bluepill with 128KB flash.

                                I modified these two lines in the bearssl_ssl.h header.

                                /** \brief Optimal input buffer size. */
                                //#define BR_SSL_BUFSIZE_INPUT (16384 + 325)
                                #define BR_SSL_BUFSIZE_INPUT (1024 + 325)

                                /** \brief Optimal output buffer size. */
                                //#define BR_SSL_BUFSIZE_OUTPUT (16384 + 85)
                                #define BR_SSL_BUFSIZE_OUTPUT (1024 + 85)

                                It did fail once out of several email attempts from my Bluepill. I do not know the stability for using the connection on things other than simple text messages. I am just happy that after a year I was finally able to prove that it is possible to send an email from a Bluepill over SSL!

                                Sketch uses 103172 bytes (78%) of program storage space. Maximum is 131072 bytes.
                                Global variables use 13108 bytes (64%) of dynamic memory, leaving 7372 bytes for local variables. Maximum is 20480 bytes.

                              • #17678
                                Renzo Mischianti
                                Keymaster

                                  Hi ps2chiper,
                                  I’m going to create a branch of my library with a basic implementation.
                                  When finished, I’d be thrilled if you could help me complete the work.
                                  I will write here when the version is created.
                                  Bye Renzo

                                • #17749
                                  Renzo Mischianti
                                  Keymaster

                                    Hi ps2chiper,
                                    Have you had time to try if the solution works for you?
                                    Bye Renzo

                                • #17683
                                  Renzo Mischianti
                                  Keymaster

                                    Hi ps2chiper,
                                    I pushed the branch; you can find it here.

                                    I created a define for EthernetLarge

                                    
                                    	#define DEFAULT_EMAIL_NETWORK_TYPE_SAMD 	NETWORK_ETHERNET_LARGE
                                    

                                    And you also must uncomment

                                    
                                    #define SSLCLIENT_WRAPPER
                                    

                                    but in the branch is already uncommented.

                                    You must add trust anchors with this command

                                    
                                        emailSend.setTrustAnchors(TAs, (size_t)TAs_NUM, A3);
                                    

                                    I didn’t test it, but with your change to the bearssl_ssl.h header.

                                    
                                    /** \brief Optimal input buffer size. */
                                    //#define BR_SSL_BUFSIZE_INPUT (16384 + 325)
                                    #define BR_SSL_BUFSIZE_INPUT (1024 + 325)
                                    
                                    /** \brief Optimal output buffer size. */
                                    //#define BR_SSL_BUFSIZE_OUTPUT (16384 + 85)
                                    #define BR_SSL_BUFSIZE_OUTPUT (1024 + 85)
                                    

                                    I also changed SSLclient.h from this
                                    unsigned char m_iobuf[2048];
                                    To this
                                    unsigned char m_iobuf[BR_SSL_BUFSIZE_BIDI];
                                    as advised on your example.

                                    But I don’t understand how to manage TLS encryption.

                                    Bye Renzo
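
A sizing check for the BR_SSL_BUFSIZE change quoted in #17652 and again in #17683, added here as an example; it is not code from the thread, SSLClient or EMailSender. The overheads and the 20480-byte RAM figure come from the posts, the function names are hypothetical, and 512/1024/2048/4096 are the RFC 6066 max_fragment_length sizes. A peer that does not honour that limit can send a record larger than the reduced input buffer, which the connection cannot process.

```c
#include <stddef.h>
#include <stdio.h>

/* Overheads from the bearssl_ssl.h lines quoted in the thread. */
#define IN_OVERHEAD        325u
#define OUT_OVERHEAD        85u
#define TLS_MAX_PLAINTEXT 16384u  /* largest record payload a TLS peer may send */

typedef enum { PLAN_OK, PLAN_NO_RAM, PLAN_NEEDS_MFL, PLAN_UNSAFE } plan_t;

/* RFC 6066 max_fragment_length code for a payload size, 0 if none exists. */
unsigned mfl_code(size_t plaintext)
{
    switch (plaintext) {
    case 512:  return 1;
    case 1024: return 2;
    case 2048: return 3;
    case 4096: return 4;
    default:   return 0;
    }
}

/* RAM for a bidirectional buffer, i.e. input buffer plus output buffer. */
size_t bidi_bytes(size_t in_plain, size_t out_plain)
{
    return (in_plain + IN_OVERHEAD) + (out_plain + OUT_OVERHEAD);
}

/* 1 if a received record with `payload` plaintext bytes fits the input buffer. */
int record_fits(size_t in_plain, size_t payload)
{
    return payload <= in_plain;
}

/* Classify a buffer plan against the RAM available (hypothetical helper). */
plan_t check_plan(size_t in_plain, size_t out_plain, size_t ram)
{
    if (bidi_bytes(in_plain, out_plain) > ram) return PLAN_NO_RAM;
    if (in_plain >= TLS_MAX_PLAINTEXT)         return PLAN_OK;
    /* Smaller input buffer: safe only if the server honours a negotiated limit. */
    return mfl_code(in_plain) ? PLAN_NEEDS_MFL : PLAN_UNSAFE;
}

int main(void)
{
    const size_t ram = 20480;  /* Bluepill SRAM total from the build output */
    printf("default: %zu bytes, plan %d\n", bidi_bytes(16384, 16384), (int)check_plan(16384, 16384, ram));
    printf("reduced: %zu bytes, plan %d\n", bidi_bytes(1024, 1024), (int)check_plan(1024, 1024, ram));
    printf("4096-byte record fits 1024 buffer: %d\n", record_fits(1024, 4096));
    return 0;
}
```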

                                    • #17842
                                      ps2chiper

                                        I will try testing it tomorrow.

                                    • #17871
                                      ps2chiper

                                        I am playing around with it, but so far I am getting this error. I am using Zoho mail.

                                        Sending status:
                                        0
                                        250
                                        )ending message error (553 Relaying disallowed as ps2chiper@zoho.com
                                        done!

                                      • #17872
                                        Renzo Mischianti
                                        Keymaster

                                          Hi,
                                          I found this information

                                          The error message “Relaying disallowed” will occur in the following cases.
                                          From address that you are trying to add in SMTP client might not be listed in your Send Mail as section (in Zoho Mail). Please ensure that the email address that you are trying to use is one of the From addresses present in your Send Mail as section. Refer help to locate Send Mail as page.
                                          If “Outgoing Server Requires Authentication” option is not enabled in the SMTP client. Ensure that the settings entered are correct by referring this link help page.

                                          What port do you use for the SMTP server?

                                          Can you try with gmail (with application password or insecure app)?

                                          Bye Renzo

                                        • #17873
                                          ps2chiper

                                            I use port 465. Zoho is the only one I want to test with since I confirmed it worked with my own client. I am trying to figure out why the debug stubs you have are not printing.

                                            • #17874
                                              ps2chiper

                                                Derp. I am an idiot. I was using the wrong domain. The from address domain is zohomail.com and the mail server is mail.zoho.com. It worked now.

                                            • #17875
                                              Renzo Mischianti
                                              Keymaster

                                                Hehehehehhe… fantastic!
                                                Would you like to write an article explaining how you found this solution, and how to use the library with the bluepill?

                                                I think it’s more correct that you write it and take the paternity 😛

                                                Bye Renzo

                                                • #17926
                                                  ps2chiper

                                                    Have you tested it yourself? I was thinking of maybe contributing an example to your repository.

                                                • #17930
                                                  Renzo Mischianti
                                                  Keymaster

                                                    Hi ps2chiper,
                                                    I think It’s a good idea.

                                                    If you want, I’d be pleased if you wrote an article with all the steps, and I can help you with the schemas, cover, and others. Your knowledge about the problem can be helpful for other people.

                                                    Bye Renzo

                                                    • #17973
                                                      ps2chiper

                                                        I will start on it on Monday. I have been procrastinating too long.

                                                      • #17998
                                                        Renzo Mischianti
                                                        Keymaster

                                                          Don’t worry, take your time.
                                                          Bye Renzo

                                                        • #18689
                                                          Renzo Mischianti
                                                          Keymaster

                                                            Hi ps2chiper,
                                                            I tried with a blue pill with 64k ROM, without result.
                                                            Now I have a black pill, but can you write a mini-guide that I can follow to get it working (preferably with Gmail)?
                                                            Thanks, Renzo

                                                        • #21017
                                                          Renzo Mischianti
                                                          Keymaster

                                                            I finally released an EMailSender version that also supports SSL for Ethernet. I tested it with STM32 and it works well, but it needs >64Kb.
                                                            Bye Renzo
