Arduino Secure HTTPS Request
The Arduino can be made network-compatible with an Ethernet Shield (W5100). Common protocols such as TCP, UPD or HTTP are easily supported with this shield. There are also a lot of libraries available, that makes programming much easier. This makes it very easy for beginners to connect an Arduino to the internet. Now SSL is the security standard on WWW, so the call for encrypted data transfers on the Internet of Things is getting louder. This article is about the compatibility of SS/TLS HTTPS requests with an Arduino and about possible alternatives.
Why HTTPS at all?
Since HTTPS is standard on almost every web server, it is increasingly the case that the web server no longer accepts conventional HTTP requests. In this case, a microcontroller has to send data packets over HTTPS in order to be able to reach the server. Often the SSL certificate is not checked by the microcontroller because it is "only" a data transmission. If the SSL certificate is really checked, sensitive data could also be transmitted. In addition, HTTPS would also make sense for a bidirectional connection, since it is more difficult to manipulate a control command between server and controller.
Why Arduino can not handle HTTPS
For one thing, the processor is very slow for TLS, but it would still manage it with a lot of time. The Ethernet shield on an Arduino would also theoretically be suitable for an HTTPS request. It primarily fails due to the RAM of the Arduino, which is simply too small for SSL/TLS encryption.
What are the alternatives?
Newer boards with faster processors and more RAM are usually suitable for this. Boards that are specially designed for the Internet of Things, such as the ESP8266 or ESP32 support SSL / TLS and have enough resources for this. But even there, an HTTPS request takes a few seconds until it is finished. Linux-based Arduino boards or MKR boards would also perform.