Limit cipher list to most commonly used

ricki-z · ricki-z · commit 68b2a3566c8f · 2021-08-11T11:00:41.000+02:00
SCD auto calibration status added to status page
diff --git a/airrohr-firmware/airrohr-firmware.ino b/airrohr-firmware/airrohr-firmware.ino
@@ -1660,6 +1660,12 @@ static void webserver_status() {
 		page_content += FPSTR(EMPTY_ROW);
 		add_table_row_from_value(page_content, FPSTR(SENSORS_SDS011), last_value_SDS_version);
 	}
+	if (cfg::scd30_read) {
+		if (scd30.getAutoSelfCalibration() == true)
+	        add_table_row_from_value(page_content, F("SCD30 Auto Calibration"), "enabled");
+    	else
+	        add_table_row_from_value(page_content, F("SCD30 Auto Calibration"), "disabled");
+	}
 
 	page_content += FPSTR(EMPTY_ROW);
 	page_content += F("<tr><td colspan='2'><b>" INTL_ERROR "</b></td></tr>");
@@ -2222,6 +2228,7 @@ static WiFiClient* getNewLoggerWiFiClient(const LoggerEntry logger) {
 #if defined(ESP8266)
 		static_cast<WiFiClientSecure*>(_client)->setSession(loggerConfigs[logger].session);
 		static_cast<WiFiClientSecure*>(_client)->setBufferSizes(1024, TCP_MSS > 1024 ? 2048 : 1024);
+		static_cast<WiFiClientSecure*>(_client)->setCiphers(suites_P, sizeof(suites_P)/sizeof(suites_P[0]));
 		static_cast<WiFiClientSecure*>(_client)->setSSLVersion(BR_TLS12, BR_TLS12);
 		switch (logger) {
 		case Loggeraircms:
diff --git a/airrohr-firmware/defines.h b/airrohr-firmware/defines.h
@@ -144,3 +144,24 @@ constexpr const unsigned long DURATION_BEFORE_FORCED_RESTART_MS = ONE_DAY_IN_MS
 #define CLIENT_ADDRESS 2
 #define SERVER_ADDRESS 100
 #endif
+
+// smaller cipher list to speed up TLS connections
+static const uint16_t suites_P[] PROGMEM = {
+    BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+    BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+    BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+    BR_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+    BR_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+    BR_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+    BR_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+    BR_TLS_RSA_WITH_AES_128_GCM_SHA256,
+    BR_TLS_RSA_WITH_AES_256_GCM_SHA384,
+// basic ciphers used in axTLS
+    BR_TLS_RSA_WITH_AES_128_CBC_SHA256,
+    BR_TLS_RSA_WITH_AES_256_CBC_SHA256,
+    BR_TLS_RSA_WITH_AES_128_CBC_SHA,
+    BR_TLS_RSA_WITH_AES_256_CBC_SHA,
+};
