{"id":21881522,"url":"https://github.com/jiribilek/esp_atmod","last_synced_at":"2025-08-22T00:19:49.748Z","repository":{"id":43092511,"uuid":"263677544","full_name":"JiriBilek/ESP_ATMod","owner":"JiriBilek","description":"ESP8266 AT Firmware (Command Processor) With TLS 1.2 Capability","archived":false,"fork":false,"pushed_at":"2024-11-04T20:05:49.000Z","size":158,"stargazers_count":29,"open_issues_count":0,"forks_count":11,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-15T05:17:18.958Z","etag":null,"topics":["at","at-firmware","esp8266","ssl","tls","tls12"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JiriBilek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-13T15:59:48.000Z","updated_at":"2025-03-24T01:15:11.000Z","dependencies_parsed_at":"2024-08-25T09:25:51.487Z","dependency_job_id":"c28b13c0-dca6-43cf-b283-9fba06f0f86e","html_url":"https://github.com/JiriBilek/ESP_ATMod","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JiriBilek%2FESP_ATMod","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JiriBilek%2FESP_ATMod/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JiriBilek%2FESP_ATMod/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JiriBilek%2FESP_ATMod/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JiriBilek","download_url":"https://codeload.github.com/JiriBilek/ESP_ATMod/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249010222,"owners_count":21197796,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["at","at-firmware","esp8266","ssl","tls","tls12"],"created_at":"2024-11-28T09:19:21.763Z","updated_at":"2025-04-15T05:17:24.593Z","avatar_url":"https://github.com/JiriBilek.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ESP 8266 AT Firmware - modified for TLS 1.2\n\nThis firmware comes as an [Arduino esp8266](https://github.com/esp8266/Arduino#arduino-on-esp8266) sketch.\n\nThis file refers to version 0.5.0 of the firmware.\n\n## Purpose\n\nThe AT firmware provided by Espressif comes with basic TLS ciphersuites only. Especially, the lack of GCM-based ciphersuites makes the SSL part of the Espressif's firmware unusable on more and more web sites. This firmware addresses this issue.\n\n**The goal was to enable all modern ciphersuites implemented in BearSSL library included in esp8266/Arduino project including with some server authentication (server certificate checking).**\n\nThe firmware fits into 1024 KB flash and can be run even on ESP-01 module with 8 Mbit flash.\n\n## Description\n\nThe firmware does not (and likely will not) implement the whole set of AT commands defined in Espressif's documentation.\n\nThe major differences are:\n\n1. Only TCP mode (with or without TLS) is supported, no UDP.\n\n2. In multiplex mode (AT+CIPMUX=1), 5 simultaneous connections are available. Due to memory constraints, there can be only one TLS (SSL) connection at a time with standard buffer size, more concurrent TLS connections can be made with a reduced buffer size (AT+CIPSSLSIZE). When the buffer size is 512 bytes, all 5 concurrent connections can be TLS.\n\nNew features:\n\n1. Implemented TLS security with state-of-the-art ciphersuites: certificate fingerprint checking or certificate chain verification.\n\n2. Implemented TLS MFLN check (RFC 3546), setting TLS receive buffer size, checking MFLN status of a connection.\n\n## Status\n\nThe firmware is still in work-in-progress state. It has been tested and is running on my devices but there might be deviations from the expected behaviour.\n\nMy testing environment uses the [WifiEsp library](https://github.com/bportaluri/WiFiEsp) and also the newer [WiFiEspAT library](https://github.com/jandrassy/WiFiEspAT).\n\n## The Future\n\nNext development will be focused on\n\n1. More complete AT command implementation.\n\n## Installation\n\nThere are two options for compiling and flashing this library.\n\n### Arduino IDE\n\nFirst you have to install [Arduino IDE](https://www.arduino.cc/en/software) and the [core](https://github.com/esp8266/Arduino#installing-with-boards-manager) for the ESP8266 chip. Next get all source files from this repository, place them in a folder named **ESP_ATMod** and compile and upload to your ESP module.\n\nAfter flashing, the module will open serial connection on RX and TX pins with 115200 Bd, 8 bits, no parity. You can talk with the module using a serial terminal of your choice.\n\n**IMPORTANT NOTE:** From the firmware version 0.4.0 on, you need to use the Arduino Core for 8266 version 3.0+.\n\n### PlatformIO\n\nAn alternative to using the Arduino IDE is to use PlatformIO.\n\n1. Install [PlatformIO](https://platformio.org/)\n2. Make sure that your device is in flashing mode\n3. In your favourite terminal and from the root of this repository, run\n   the following command to build and upload the sketch to the device:\n   ```\n   platformio run --target upload\n   ```\n\nThis has been configured and tested for the ESP-01 Black.\n\n## Add certificates\n\nCertificates are stored in the ESP's filesystem with LittleFS. To add a certificate follow the following steps. \n\n**IMPORTANT: the certifcate must be in .pem format.**\n\n1. Copy the certificate you want to the data directory in ESP_ATMod\n2. Install the [LittleFS Filesystem Uploader](https://github.com/earlephilhower/arduino-esp8266littlefs-plugin#installation) \n3. Select Tools \u003e ESP8266 LittleFS Data Upload menu item. This should start uploading the files into ESP8266 flash file system. When done, IDE status bar will display LittleFS Image Uploaded message. Might take a few minutes for large file system sizes.\n4. Now upload the ESP_ATMod sketch to the ESP.\n5. The certificate(s) you uploaded are now loaded and ready to use (you can check them with [AT+CIPSSLCERT](https://github.com/JiriBilek/ESP_ATMod#atcipsslcert---load-query-or-delete-tls-ca-certificate)).\n6. (Optional) You may delete the .gitkeep file in the data directory. It is only there to push and pull the data directory in git. Not deleting the .gitkeep file won't do any harm.\n\n## AT Command List\n\nIn the following table, the list of supported AT commands is given. In the comment, only a difference between this implementation and the original Espressif's AT command firmware is given. The commands are implemented according to the Espressif's documentation, including the command order. Please refer to the [Espressif's documentation](https://www.espressif.com/sites/default/files/documentation/4a-esp8266_at_instruction_set_en.pdf) for further information.\n\nAT commands with _DEF and _CUR have (as in the standard AT firmware) an undocumented version without _DEF/CUR for backward compatibility (and forward too since AT 2 doesn't use _DEF/CUR). The command without _DEF/CUR behaves as _CUR for query and as _DEF for set (stores the parameters to the flash).\n\n| Command | Description |\n| - | - |\n| [**Basic AT Commands**](https://docs.espressif.com/projects/esp-at/en/latest/AT_Command_Set/Basic_AT_Commands.html#basic-at-commands) |  |\n| AT | Test AT startup. |\n| AT+RST | Restart a module. |\n| AT+GMR | Check version information. |\n| ATE | Configure AT commands echoing. |\n| AT+RESTORE | Restore factory default settings of the module. |\n| AT+UART_CUR | Current UART configuration, not saved in flash. |\n| AT+UART_DEF | Default UART configuration, saved in flash. |\n| AT+SYSRAM | Query current remaining heap size and minimum heap size. |\n| [**Wi-Fi AT Commands**](https://docs.espressif.com/projects/esp-at/en/latest/AT_Command_Set/Wi-Fi_AT_Commands.html#wi-fi-at-commandss) |  |\n| AT+CWMODE | Set the Wi-Fi mode (Station/SoftAP/Station+SoftAP). |\n| AT+CWJAP_CUR | Connect to an AP, parameter \u0026lt;pci_en\u0026gt; not implemented |\n| AT+CWJAP_DEF | Connect to AP, saved to flash. Parameter \u0026lt;pci_en\u0026gt; not implemented |\n| AT+CWLAPOPT | Set the configuration for the command AT+CWLAP. |\n| AT+CWLAP | List available APs. |\n| AT+CWQAP | Disconnect from an AP. |\n| AT+CWSAP_CUR | Start SoftAP, parameter \u0026lt;ecn\u0026gt; is not used. WPA_WPA2_PSK is used, if \u0026lt;pwd\u0026gt; is not empty. |\n| AT+CWSAP_DEF | Connect to AP, saved to flash. Parameter \u0026lt;ecn\u0026gt; is not used. WPA_WPA2_PSK is used, if \u0026lt;pwd\u0026gt; is not empty. |\n| AT+CWDHCP_CUR | Enable/disable DHCP - SoftAP DHCP server enabling is not immplemented. |\n| AT+CWDHCP_DEF | Enable/disable DHCP saved to flash - SoftAP DHCP server enabling is not immplemented. |\n| AT+CWAUTOCONN | Connect to an AP automatically when powered on. |\n| AT+CIPSTAMAC_CUR | Sets or prints the MAC Address of the ESP8266 Station. Only query is implemented.\n| AT+CIPSTAMAC_DEF | Sets or prints the MAC Address of the ESP8266 Station stored in flash. Only query is implemented.\n| AT+CIPAPMAC_CUR | Sets or prints the MAC Address of the ESP8266 SoftAP. Only query is implemented.\n| AT+CIPAPMAC_DEF | Sets or prints the MAC Address of the ESP8266 SoftAP stored in flash. Only query is implemented.\n| AT+CIPSTA_CUR | Query/Set the IP address of an ESP station. |\n| AT+CIPSTA_DEF | Set and/or print current IP address, gateway and network mask, stored in flash. |\n| AT+CIPAP_CUR | Query/Set the current IP address of the SoftAP. |\n| AT+CIPAP_DEF | Set and/or print SoftAP IP address, gateway and network mask, stored in flash. |\n| AT+CWHOSTNAME | Query/Set the host name of an ESP Station. |\n| [**TCP/IP AT Commands**](https://docs.espressif.com/projects/esp-at/en/latest/AT_Command_Set/TCP-IP_AT_Commands.html) |  |\n| AT+CIPSTATUS | Obtain the TCP/UDP/SSL connection status and information. |\n| AT+CIPDOMAIN | Resolve a Domain Name. |\n| AT+CIPSTART |Establish TCP connection, or SSL connection. Only one TLS connection at a time. |\n| [AT+CIPSSLSIZE](https://github.com/JiriBilek/ESP_ATMod#atcipsslsize---set-the-tls-receiver-buffer-size) | Change the size of the receiver buffer (512, 1024, 2048 or 4096 bytes) |\n| AT+CIPSEND |  Send data in the normal transmission mode or Wi-Fi passthrough mode. |\n| AT+CIPCLOSEMODE | Set the Close Mode of TCP Connection. |\n| AT+CIPCLOSE | Close TCP/SSL connection. |\n| AT+CIFSR | Obtain the local IP address and MAC address. |\n| AT+CIPMUX | Enable/disable the multiple connections mode. Max. 5 conections, only one of them can be TLS |\n| AT+CIPSNTPCFG | Query/Set the time zone and SNTP server. |\n| AT+CIPSNTPTIME | Query the SNTP time. |\n| AT+CIPDINFO | Set +IPD message mode. |\n| [AT+CIPRECVMODE](https://github.com/JiriBilek/ESP_ATMod#atciprecvmode-atciprecvdata-atciprecvlen-in-ssl-mode) | Query/Set socket receiving mode. |\n| [AT+CIPRECVDATA](https://github.com/JiriBilek/ESP_ATMod#atciprecvmode-atciprecvdata-atciprecvlen-in-ssl-mode) | Obtain socket data in passive receiving mode. |\n| [AT+CIPRECVLEN](https://github.com/JiriBilek/ESP_ATMod#atciprecvmode-atciprecvdata-atciprecvlen-in-ssl-mode) | Obtain socket data length in passive receiving mode. |\n| AT+CIPDNS_CUR | Query/Set DNS server information. |\n| AT+CIPDNS_DEF | Default DNS setting, stored in flash |\n| [AT+CIPSERVER](#atcipserver-atcipservermaxconn-and-atcipsto) | Deletes/Creates TCP Server |\n| AT+CIPSERVERMAXCONN | Set the maximum connections allowed by server |\n| AT+CIPSTO | Sets the TCP Server Timeout |\n| **New commands** |  |\n| [AT+SYSCPUFREQ](https://github.com/JiriBilek/ESP_ATMod#atsyscpufreq---set-or-query-the-current-cpu-frequency) | Set or query the current CPU frequency. |\n| [AT+RFMODE](https://github.com/JiriBilek/ESP_ATMod#atrfmode---get-and-change-the-physical-wifi-mode) | Set the physical wifi mode. |\n| [AT+CIPSSLAUTH](https://github.com/JiriBilek/ESP_ATMod#atcipsslauth---set-and-query-the-tls-authentication-mode) | Set and query the TLS authentication mode. |\n| [AT+CIPSSLFP](https://github.com/JiriBilek/ESP_ATMod#atcipsslfp---load-or-print-tls-server-certificate-sha-1-fingerprint) | Load or print the TLS server certificate fingerprint. |\n| [AT+CIPSSLCERTMAX](https://github.com/JiriBilek/ESP_ATMod#atcipsslcertmax---query-or-set-maximum-certificates-to-load) | Query or set the maximum amount of certificates that can be loaded. |\n| [AT+CIPSSLCERT](https://github.com/JiriBilek/ESP_ATMod#atcipsslcert---load-query-or-delete-tls-ca-certificate) | Load, query or delete TLS CA certificate. |\n| [AT+CIPSSLMFLN](https://github.com/JiriBilek/ESP_ATMod#atcipsslmfln---checks-if-the-given-site-supports-the-mfln-tls-extension) | Check if the site supports Maximum Fragment Length Negotiation (MFLN). |\n| [AT+CIPSSLSTA](https://github.com/JiriBilek/ESP_ATMod#atcipsslsta---checks-the-status-of-the-mfln-negotiation) | Prints the MFLN status of a connection. |\n| [AT+SNTPTIME](https://github.com/JiriBilek/ESP_ATMod#atsystime---returns-the-current-time-utc) | Get SNTP time. |\n| [**New Ethernet AT Commands**](https://docs.espressif.com/projects/esp-at/en/latest/esp32/AT_Command_Set/Ethernet_AT_Commands.html) |  |\n| AT+CIPETHMAC_CUR | Sets or prints the MAC Address of the Ethernet interface. |\n| AT+CIPETHMAC_DEF | Sets or prints the MAC Address of the Ethernet interface stored in flash. Save to flash is not implemented. |\n| AT+CIPETH_CUR | Query/Set the IP address of the Ethernet interface. |\n| AT+CIPETH_DEF | Set and/or print current IP address, gateway and network mask, stored in flash. |\n| AT+CEHOSTNAME | Query/Set the host name of the Ethernet interface. |\n\n## Changed Commands\n\n### **AT+CIPSSLSIZE - Set the TLS Receiver Buffer Size**\n\nSets the TLS receiver buffer size. The size can be 512, 1024, 2048, 4096 or 16384 (default) bytes according to [RFC3546](https://tools.ietf.org/html/rfc3546). The value is used for all subsequent TLS connections, the opened connections are not affected.\n\n*Command:*\n\n```\nAT+CIPSSLSIZE=512\n```\n\n*Answer:*\n```\n\nOK\n``` \n\n### **AT+CIPRECVMODE, AT+CIPRECVDATA, AT+CIPRECVLEN in SSL mode**\n\nCommands \n\n- AT+CIPRECVMODE (Set TCP or SSL Receive Mode)\n- AT+CIPRECVDATA (Get TCP or SSL Data in Passive Receive Mode)\n- AT+CIPRECVLEN (Get TCP or SSL Data Length in Passive Receive Mode)\n\nWorks in SSL mode in the same way as in TCP mode.\n\n### **AT+CIPSERVER, AT+CIPSERVERMAXCONN and AT+CIPSTO**\n\nThe standard AT firmware supports only one server. This firmware support up to 5 server with same AT+CIPCIPSERVER command.\n\nIn standard AT firmware 1.7 executing `AT+CIPSERVER=1,\u003cport\u003e` again even if the port is different prints no change and OK. Here it starts a new server. \"no change\" is returned only if maximum count of servers is reached.\n\nIn standard AT firmware 1.7 executing AT+CIPSERVER=0 stops the one server. Here it stops the first one. Executing `AT+CIPSERVER=0,\u003cport\u003e` stops the server listening on `\u003cport\u003e`.\n\nCIPSERVERMAXCONN and CIPSTO are global settings, They apply to all servers.\n\n### **AT+CWDHCP**\n\nIn standard AT firmware AT_CWDHCP enables/disables the DHCP client for STA (mode 0) and starts or stops the DHCP server for SoftAP (mode 1). In ESP_ATMod the SoftAP DHCP server is always enabled. The AT+CWDHCP command is not implemented for SoftAP.\n\nFor Ethernet support, the AT+CWDHCP command is enhanced. The Ethernet DHCP client is enabled/disabled with mode 3. For AT+CWDHCP?, state of the Ethernet DHCP client is returned in third bit.\n\n## New Commands\n\n### **AT+SYSCPUFREQ - Set or query the Current CPU Frequency**\n\nSets and queries the CPU freqency. The only valid values are 80 and 160 Mhz.\n\n**Query:**\n\n*Command:*\n```\nAT+SYSCPUFREQ?\n```\n\n*Answer:*\n```\n+SYSCPUFREQ=80\n\nOK\n```\n\n**Set:**\n\n*Command:*\n```\nAT+SYSCPUFREQ=\u003cfreq\u003e\n```\n\n*Answer:*\n```\n\nOK\n```\n\nThe value freq may be 80 or 160.\n\n### **AT+RFMODE - Get and Change the Physical Wifi Mode**\n\nSets and queries the physical wifi mode.\n\n**Query:**\n\n*Command:*\n```\nAT+RFMODE?\n```\n\n*Answer:*\n```\n+RFMODE=1\n\nOK\n```\n\n**Set:**\n\n*Command:*\n```\nAT+RFMODE=\u003cmode\u003e\n```\n\n*Answer:*\n```\n\nOK\n```\n\nThe allowed values of \u0026lt;mode\u0026gt; are:\n\n| Mode | Description |\n| - | - |\n| 1 | IEEE 802.11b |\n| 2 | IEEE 802.11g |\n| 3 | IEEE 802.11n |\n\n### **AT+CIPSSLAUTH - Set and Query the TLS Authentication Mode**\n\nSet or queries the selected TLS authentication mode. The default is no authentication. Try to avoid this because it is insecure and prone to MITM attack.\n\n**Query:**\n\n*Command:*\n```\nAT+CIPSSLAUTH?\n```\n\n*Answer:*\n```\n+CIPSSLAUTH=0\n\nOK\n```\n\n**Set:**\n\n*Command:*\n```\nAT+CIPSSLAUTH=\u003cmode\u003e\n```\n\n*Answer:*\n```\n\nOK\n```\n\nThe allowed values of \u0026lt;mode\u0026gt; are:\n\n| Mode | Description |\n| - | - |\n| 0 | No authentication. Default. Insecure |\n| 1 | Server certificate fingerprint checking |\n| 2 | Certificate chain checking |\n\nSwitching to mode 1 succeeds only when the certificate SHA-1 fingerprint is preloaded (see AT+CIPSSLFP).\n\nSwitching to mode 2 succeeds only when the CA certificate preloaded (see AT+CIPSSLCERT).\n\n\n### **AT+CIPSSLFP - Load or Print TLS Server Certificate SHA-1 Fingerprint**\n\nLoad or print the saved server certificate fingerprint. The fingerprint is based on SHA-1 hash and is exactly 20 bytes long. When connecting, the TLS engine checks the fingerprint of the received certificate against the saved value. It ensures the device is connecting to the expected server. After a successful connection, the fingerprint is checked and is no longer needed for this connection.\n\nThe SHA-1 certificate fingerprint for a site can be obtained e.g. in browser while examining the server certificate.\n\n**Query:**\n\n*Command:*\n```\nAT+CIPSSLFP?\n```\n\n*Answer:*\n```\n+CIPSSLFP:\"4F:D5:B1:C9:B2:8C:CF:D2:D5:9C:84:5D:76:F6:F7:A1:D0:A2:FA:3D\"\n\nOK\n```\n\n**Set:**\n\n*Command:*\n```\nAT+CIPSSLFP=\"4F:D5:B1:C9:B2:8C:CF:D2:D5:9C:84:5D:76:F6:F7:A1:D0:A2:FA:3D\"\n```\n\nor\n\n```\nAT+CIPSSLFP=\"4FD5B1C9B28CCFD2D59C845D76F6F7A1D0A2FA3D\"\n```\n\n*Answer:*\n```\n\nOK\n```\n\nThe fingerprint consists of exactly 20 bytes. They are set as hex values and may be divided with ':'.\n\n### **AT+CIPSSLCERTMAX - Query or set maximum certificates to load**\n\nCurrently maximum 5 certificates at a time can be loaded. With this command the amount of certificates to load with LittleFS can be adjusted.\n\n**Query amount to load:**\n\n*Command:*\n\n```\nAT+CIPSSLCERTMAX?\n```\n\n*Answer:*\n```\n+CIPSSLCERTMAX:5\nOK\n```\n\n**Set amount to load:**\n\n*Command:*\n\n```\nAT+CIPSSLCERTMAX=6\n```\n\n*Answer:*\n```\n+CIPSSLCERTMAX:6\nOK\n```\n\n### **AT+CIPSSLCERT - Load, Query or Delete TLS CA Certificate**\n\nLoad, query or delete CA certificate for TLS certificate chain verification. Currently maximum 5 certificates at a time can be loaded. The certificates must be in PEM structure. After a successful connection, the certificate is checked and is no longer needed for this connection.\n\n**Query the first certificate:**\n\n*Command:*\n```\nAT+CIPSSLCERT?\n```\n\n*Answer:*\n```\n+CIPSSLCERT:no cert\n\nERROR\n```\n\nor\n\n```\n+CIPSSLCERT,1:DST Root CA X3\n+CIPSSLCERT,2:DST Root CA X3\n\nOK\n```\n\n**Query specific certificate:**\n\n*Command:*\n```\nAT+CIPSSLCERT?2\n```\n\n*Answer:*\n```\n+CIPSSLCERT,2:DST Root CA X3\n\nOK\n```\n\n**Set:**\n\n*Command:*\n```\nAT+CIPSSLCERT\n```\n\n*Answer:*\n```\n\nOK\n\u003e\n```\n\nYou can now send the certificate (PEM encoding), no echo is given. After the last line (`-----END CERTIFICATE-----`), the certificate is parsed and loaded. The certificate should be sent with \\n notation. For example [isrg-root-x1-cross-signed.pem](https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem): \n\n```\n-----BEGIN CERTIFICATE-----\nMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\nov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\nwYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\nLtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\n4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\nbHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\nsR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\nXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\nFQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\nSLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\nPRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\nTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\nSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\nc3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\n+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\nATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\nU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\nMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\n5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\n9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\nWCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\nhe8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\nDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----\n```\n\nShould be:\n```\n-----BEGIN CERTIFICATE-----\\nMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\\nDkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\\nAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\\nov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\\nwYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\\nLtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\\n4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\\nbHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\\nsR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\\nXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\\nFQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\\nSLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\\nPRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\\nTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\\nSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\\nc3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\\n+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\\nATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\\nb3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\\nU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\\nMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\\n5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\\n9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\\nWCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\\nhe8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\\nDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\\n-----END CERTIFICATE-----\n```\n\nThe application responds with\n\n```\nRead 1952 bytes\n\nOK\n```\nor with an error message. In case of a successful loading, the certificate is ready to use and you can turn the certificate checking on (`AT+CIPSSLAUTH=2`). \n\nThe limit for the PEM certificate is 4096 characters total. \n\n**Delete a certificate:**\n\n*Command:*\n```\nAT+CIPSSLCERT=DELETE,1\n```\n\n*Answer:*\n```\n+CIPSSLCERT,1:deleted\n\nOK\n```\n\nThe certificate is deleted from the memory.\n\n### **AT+CIPSSLMFLN - Checks if the given site supports the MFLN TLS Extension**\n\nThe Maximum Fragment Length Negotiation extension is useful for lowering the RAM usage by reducing receiver buffer size on TLS connections. Newer TLS implementations support this extension but it would be wise to check the capability before changing a TLS buffer size and making a connection. As the server won't change this feature on the fly, you should test the MFLN capability only once.\n\n*Command:*\n\nAT+CIPSSLMFLN=\"*site*\",*port*,*size*\n\nThe valid sizes are 512, 1024, 2048 and 4096.\n\n```\nAT+CIPSSLMFLN=\"www.github.com\",443,512\n```\n\n*Answer:*\n```\n+CIPSSLMFLN:TRUE\n\nOK\n```\n\n### **AT+CIPSSLSTA - Checks the status of the MFLN negotiation**\n\nThis command checks the MFLN status on an opened TLS connection.\n\n*Command:*\n\nAT+CIPSSLSTA[=linkID]\n\nThe *linkID* value is mandatory when the multiplexing is on (AT+CIPMUX=1). It should be not entered when the multiplexing is turned off.\n\n```\nAT+CIPSSLSTA=0\n```\n\n*Answer:*\n```\n+CIPSSLSTA:1\n\nOK\n```\n\nThe returned value of 1 means there was a MFLN negotiation. It holds even with the default receiver buffer size set.\n\n### **AT+SYSTIME - Returns the current time UTC**\n\nThis command returns the current time as unix time (number of seconds since January 1st, 1970). The time zone is fixed to GMT (UTC). The time is obtained by querying NTP servers automatically, after connecting to the internet. Before connecting to the internet or in case of an error in communication with NTP servers, the time is unknown. This situation should be temporary.\n\n*Command:*\n```\nAT+SYSTIME?\n```\n\n*Answer:*\n```\n+SYSTIME:1607438042\nOK\n```\n\nIf the current time is unknown, an error message is returned.\n\n### **AT+CIPETH, AT+CIPETHMAC, AT+CEHOSTNAME**\n\nThese commands support use of the Ethernet interface as in standard AT firmware version 2 and newer.\n\nThese commands for the Ethernet interface are analogous to AT+CIPSTA, AT+CIPSTAMAC and AT+CWHOSTNAME commands.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjiribilek%2Fesp_atmod","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjiribilek%2Fesp_atmod","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjiribilek%2Fesp_atmod/lists"}