ESP8266 Secure CA Verification

While working on a secure cloud for the gang of the esp8266 based devices we are developing we need SSL – real and secure.

And this August is the month of the SSL issues , it seems , but thankful to the Espressifs’ quick support they are on the way out.

SSL Memory Leak

The latest SDK v1.3.0 introduced a bug that simply didn’t call the disconnect callback of esp connections under some circumstances and that in turn leaked memory.  It’s not clarified but the case was when you had a tcp listener and ssl connection after the ssl connection is over, your tcp listener connections did receive disconnect callbacks anymore.  You can get the fix from

Server Certificate Verification

Recent memory optimizations gave enough memory to turn on server certificate validation. But hit the next bug – it fails

Still in progress but you can watch the development of the resolving on the forum: SSL CA Issue

Current state is that if you do not provide the two level chain, i.e. certificate and issuer certificate the connections is established ok.


ESP8266 using different flash sizes – FOTA and Download tool

Which goes where – when using a bootloader for FOTA.

The files:

  • master_device_key.bin –  Obtained from Espressif Cloud
  • esp_init_data_default.bin – Stores default RF parameter values
  • boot.bin – bootloader
  • user1.bin and user2.bin – user firmware
  • blank.bin – blank settings , flash to get default parameters

1. 512KB

  • master_device_key.bin 0x3E000
  • esp_init_data_default.bin 0x7C000
  • blank.bin 0x7E000
  • boot.bin 0x00000
  • user1.bin 0x01000
  • user2.bin 0x41000

2. 1024KB Flash

  • master_device_key.bin 0x3E000
  • esp_init_data_default.bin 0xFC000
  • blank.bin 0xFE000
  • boot.bin 0x00000
  • user1.bin 0x01000
  • user2.bin 0x81000

3. 2048KB Flash

  • master_device_key.bin 0x3E000
  • esp_init_data_default.bin 0x1FC000
  • blank.bin 0x1FE000
  • boot.bin 0x00000
  • user1.bin 0x01000
  • user2.bin 0x81000

4. 4096KB Flash

  • master_device_key.bin 0x3E000
  • esp_init_data_default.bin 0x3FC000
  • blank.bin 0x3FE000
  • boot.bin 0x00000
  • user1.bin 0x01000
  • user2.bin 0x81000


How to use 1MB and above flash on espressif forum describes the use of download tool.

Here is what download tool does:


  • Crystal Frequncy choices:  40Mhz, 26Mhz,  24Mhz – For a 40M crystal , the booting uart tx baud is 115200,(74880 for 26m accordinglyCrystal Freq will be set to the BYTE[48] of esp_init_data_default.bin
  • SPI Flash speed: 0 = 40MHz , 1 = 26.7MHz,  2 = 20MHz,  f = 80MHz  stored in BYTE[3]&0f of the images
  • SPI flash read mode: 0 = QIO, 1 = QOUT, 2=DIO, 3=DOUT  set to the 3rd BYTE at flash address 0x0 so it is BYTE[2].
  • Flash size: Flash size is SET to the higher 4bit of 4TH BYTE at flash address 0x0 which is BYTE[3]>>4)&0xf in the image:
    0:512KB(256KB+256KB)  – 4Mbit
    1:256KB – 2Mbit
    2:1MB(512KB+512KB) – 8Mbit
    3:2MB(512KB+512KB) – 16Mbit
    4:4MB(512KB+512KB) – 32Mbit
    5:2MB-C1(1024KB+1024KB) – 16Mbit
    6:4MB-C1(1024KB+1024KB) – 32Mbit

tout as vdd33 – esp_init_data_default.bin BYTE[107]  = 0xff

tout as adc – esp_init_data_default.bin BYTE[107]  = VDD*10 /vdd > 1.8 and vdd < 3.6/

Low power options are left out for now.

To be continued …