c++ ssl arduino esp8266 arduino-esp8266

Arduino ESP8266HTTPClient: Handshake failure (SSL error 40)


I'm facing an issue with the ESP8266HTTPClient and SSL.

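#include <ESP8266HTTPClient.h>

const char* url = "https://someUrl.com";
// SHA-1 fingerprint of the server certificate (placeholder value)
const char* fingerPrint = "SO ME SH A1 FI NG ER PR IN T";

void setup() {
  HTTPClient http;
  http.begin(url, fingerPrint);  // HTTPS URL plus the expected certificate fingerprint
  http.GET();                    // issue the GET request
}

void loop() {}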

When doing this I receive the following in debug log:

State: sending Client Hello (1)
Alert: handshake failure
Error: SSL error 40
Alert: unexpected message
Error: SSL error 40
Alert: close notify
[HTTP-Client] failed connect to someUrl.com:443

I tried to check the fingerprint on GRC and got the following response:

The SSL/TLS security certificate obtained from the remote server was invalid. The trouble was severe enough that we were unable to obtain the certificate's common name and/or fingerprint. There is a server answering on the HTTPS port 443 of the IP address associated with the domain name you supplied (shown above). But the server may be answering HTTPS as if it was HTTP and returning a web page rather than a proper SSL/TLS setup handshake. (We have encountered this behavior.)

Which makes me believe that there is something wrong with the SSL configuration on the host. But there are no issues with the certificate when visiting the URL with my browser (tried IE, Edge and Firefox).

According to this comment to an issue on GitHub there are only two supported cipher suites:

  • TLS_RSA_WITH_AES_128_CBC_SHA and
  • TLS_RSA_WITH_AES_256_CBC_SHA

The host supports the following cipher suites:

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Is there any chance to perform an HTTPS request to this host on an ESP8266 anyway? Maybe another HttpClient library?


Solution

  • Unfortunately not with the Arduino ESP8266 as it uses axTLS regardless of what HTTP client library you use. They simply do not support it.

    However, the SDK from Espressif switched to mbedTLS a little while back, and mbedTLS Supported Cipher Suites show that it includes support for those ciphers. Code made with the Arduino SDK will be largely incompatible with the Espressif SDK, however.
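
The suite mismatch behind alert 40, as an added example that is not part of the original question or answer: it parses the cipher suite list out of a constructed ClientHello and runs the server's selection against the host's list from the question. The function names and the sample record are assumptions made for illustration; only suite matching is modelled (no key exchange or encryption), and the server is assumed to pick in its own preference order.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// IANA code points for the four suites named on this page.
const uint16_t RSA_AES128_CBC_SHA   = 0x002F;  // TLS_RSA_WITH_AES_128_CBC_SHA
const uint16_t RSA_AES256_CBC_SHA   = 0x0035;  // TLS_RSA_WITH_AES_256_CBC_SHA
const uint16_t ECDHE_RSA_AES128_GCM = 0xC02F;  // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
const uint16_t ECDHE_RSA_AES256_GCM = 0xC030;  // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
const int ALERT_HANDSHAKE_FAILURE = 40;        // TLS alert description 40

// Constructed sample input: a minimal TLS 1.2 ClientHello record offering `suites`.
std::vector<uint8_t> buildClientHello(const std::vector<uint16_t>& suites) {
    std::vector<uint8_t> body = {0x03, 0x03};             // client_version
    body.insert(body.end(), size_t(32), uint8_t(0xAB));   // random (dummy bytes)
    body.push_back(0);                                    // empty session_id
    size_t n = suites.size() * 2;                         // cipher_suites length
    body.push_back(uint8_t(n >> 8)); body.push_back(uint8_t(n));
    for (uint16_t s : suites) { body.push_back(uint8_t(s >> 8)); body.push_back(uint8_t(s)); }
    body.push_back(1); body.push_back(0);                 // null compression only
    size_t h = body.size(), r = h + 4;                    // handshake / record lengths
    std::vector<uint8_t> rec = {0x16, 0x03, 0x01, uint8_t(r >> 8), uint8_t(r),
                                0x01, 0x00, uint8_t(h >> 8), uint8_t(h)};
    rec.insert(rec.end(), body.begin(), body.end());
    return rec;
}

// Extract the offered cipher suites; returns an empty list on malformed input.
std::vector<uint16_t> offeredSuites(const std::vector<uint8_t>& rec) {
    std::vector<uint16_t> out;
    size_t p = 5 + 4 + 2 + 32;  // record header, handshake header, version, random
    if (rec.size() < p + 1 || rec[0] != 0x16 || rec[5] != 0x01) return out;
    p += 1 + rec[p];            // skip session_id
    if (rec.size() < p + 2) return out;
    size_t len = size_t((rec[p] << 8) | rec[p + 1]);
    p += 2;
    if (len % 2 || rec.size() < p + len) return out;
    for (size_t i = 0; i < len; i += 2)
        out.push_back(uint16_t((rec[p + i] << 8) | rec[p + i + 1]));
    return out;
}

// First server-preferred suite the client also offered, or
// -ALERT_HANDSHAKE_FAILURE when the two lists do not intersect.
int negotiate(const std::vector<uint16_t>& offered, const std::vector<uint16_t>& server) {
    for (uint16_t s : server)
        for (uint16_t o : offered)
            if (s == o) return s;
    return -ALERT_HANDSHAKE_FAILURE;
}

int main() {
    std::vector<uint16_t> host = {ECDHE_RSA_AES128_GCM, ECDHE_RSA_AES256_GCM};
    std::vector<uint8_t> hello = buildClientHello({RSA_AES128_CBC_SHA, RSA_AES256_CBC_SHA});
    std::printf("result: %d\n", negotiate(offeredSuites(hello), host));
    return 0;
}
```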