TLS support for

The Espressif documentation notes:

It is recommended to use TLS (Transport Layer Security) in all external communications (e.g., cloud communication, OTA updates) from the ESP device. ESP-IDF supports Mbed TLS as the official TLS stack.

As far as I can tell the current firmware only communicates over unauthenticated HTTP. This is particularly worrisome for OTA updates as (AFAIU) this is no protection against the firmware being tampered with in transit, or even DNS being hijacked.

Are there any plans on swithcing to TLS support for At the very least, if you were to add HTTPS support to your I could potentially try patching the firmware myself.

The S in IoT stands for security. — Tim Kadlec

Actually already supports HTTPS. I made a ticket on github to switch to these secure endpoints.

Thank you for raising this important topic.