You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Starting with version 10.0.0.4, TLS now support dual mode, depending of the value of `SetOption132`:
-`SetOption132 0` (default): the server's identity is checked against pre-defined Certificate Authorities. There is no further configuration needed. Tasmota includes the following CAs:
- (starting with 13.4.1.2) [LetsEncrypt X1 CA certificate](https://letsencrypt.org/certificates/), RSA 4096 bits, valid until 20300604
-[Let's Encrypt ISRG Root X1](https://letsencrypt.org/certificates/), RSA 4096 bits SHA 256, valid until 20300604, starting with Tasmota version 13.4.1.2
-[Amazon Root CA](https://www.amazontrust.com/repository/), RSA 2048 bits SHA 256, valid until 20380117, used by AWS IoT
-`SetOption132 1`: Fingerprint validation. This method works for any server certificate, including self-signed certificates. The server's public key is hashed into a fingerprint and compared to a pre-recorded value. This method is more universal but requires an additional configuration (see below)
There is no performance difference between both modes.
Because of [changes](https://letsencrypt.org/2024/04/12/changes-to-issuance-chains) in the Let's Encrypt certificate chain, Tasmota needs to be updated to at least version 13.4.1.2 to validate certificates generated by Let's Encrypt after June 6th 2024.
Because of [changes](https://letsencrypt.org/2024/04/12/changes-to-issuance-chains) in the Let's Encrypt certificate chain, Tasmota needs to be updated to at least version 13.4.1.2 to validate certificates issued by Let's Encrypt after June 6th, 2024.
