- Tue Sep 01, 2020 9:49 pm
#88639
I not sure you understand what I'm saying. Before I even get to the web page, I must log onto the "network" provided by the AP mode of the ESP. If I long tap on my Android phone a list of available networks is listed. The ESP in AP mode is one of them. The characteristics state that security is WPA/WPA2/FT PSK. If I select it it connects. The chrome browser then reports (via caution triangle in the address bar) that the page is insecure AFTER I access it. In Windows if I click the network icon in the notification area I get a list of networks the same. If I select the ESP in AP mode Windows tells me the network is insecure, and "uses an older security standard that might not protect me." It will now connect, with similar results: as stated, in the past it wouldn't even connect.
- Wed Sep 02, 2020 6:18 pm
#88651
It sounds like you've got a captive portal set up in your code, and you're going from a secure web page on the initial portal connect and the redirect is taking you to your regular http, which is not secure.
You would need to either set the captive portal to normal http or use a secure server for your page.
It could also be the web page your phone is initially pinging is secure and that's where the redirect is happening - can you set the ESP to log all requests? Then you'd be able to see what's going on
You would need to either set the captive portal to normal http or use a secure server for your page.
It could also be the web page your phone is initially pinging is secure and that's where the redirect is happening - can you set the ESP to log all requests? Then you'd be able to see what's going on
- Tue Sep 22, 2020 10:52 pm
#88849
Actually this happens even without a web page set up. The situation occurs at the time of attempting to log onto the ESP as an ACCESS POINT.
AFTER that happens, if connection occurs, the web page can be accessed by typing the IP address into the web browser being used wether it's on a PC or mobile phone. Almost always the pc will fail to connect giving a notification that the device is using and "old security standard" and should not be connected to. If for some rare chance the pc does connect (it then usually drops) or via mobile phone, when the web page is accessed the browser then shows the web page as insecure via icon on the address bar; however it does function as it should. I've read several blogs on the subject but haven't seen a reasolution.
In this particular project it is not my desire to use station mode through a router, as the device may not have access to a router most of the time.
AFTER that happens, if connection occurs, the web page can be accessed by typing the IP address into the web browser being used wether it's on a PC or mobile phone. Almost always the pc will fail to connect giving a notification that the device is using and "old security standard" and should not be connected to. If for some rare chance the pc does connect (it then usually drops) or via mobile phone, when the web page is accessed the browser then shows the web page as insecure via icon on the address bar; however it does function as it should. I've read several blogs on the subject but haven't seen a reasolution.
In this particular project it is not my desire to use station mode through a router, as the device may not have access to a router most of the time.
- Wed Sep 23, 2020 1:32 am
#88852
I'm no WiFi or security expert but I vaguely rememer sthg like WPA2 having 2 security/encryption standards: one taken over from WPA (TKIP) and one new in the begin optional AES. Later TKIP got deemed insecure AFAIK. Maybe the windows warning is related to this scenario? At least I get a similar wrning when connecting to a WiFi w/o a password set.
