ESP32 WiFiClientSecure Library


Introduction to the ESP32 WiFiClientSecure Library

The ESP32 WiFiClientSecure Library, part of the official ESP32 Arduino Core, provides a robust framework for establishing secure network connections over Wi-Fi using SSL/TLS protocols. Built on top of the NetworkClientSecure class, it enables encrypted communication with remote servers, making it ideal for IoT applications requiring secure data transfer. This library supports various authentication methods, including root CA certificates, client certificates, pre-shared keys (PSK), and insecure connections for testing. Whether you’re building a smart home device or a connected sensor, WiFiClientSecure offers the tools to ensure your data remains protected.

Methods in the ESP32 WiFiClientSecure Library

Below is a comprehensive list of methods available in the WiFiClientSecure Library, categorized by their purpose. These methods are sourced from the official ESP32 Arduino Core GitHub repository.

Connection Management Category

These methods manage the connection lifecycle and provide status information.

  • connect – Establishes a secure connection to a server using an IP address and port number.
  • stop – Closes the secure connection and releases resources.
  • connected – Returns 1 if the client is connected to the server, 0 otherwise.

Data Sending Category

These methods handle sending data over the secure connection.

  • write – Writes a single byte of data to the secure connection.
  • print – Prints a string to the secure connection.
  • println – Prints a string followed by a newline to the secure connection.
  • flush – Ensures that any data in the output buffer is fully transmitted.

Data Receiving Category

These methods handle receiving data over the secure connection.

  • available – Returns the number of bytes available to read from the secure connection.
  • read – Reads a single byte from the secure connection, returning -1 if no data is available.
  • readBytes – Reads a specified number of bytes into a buffer from the secure connection.
  • readString – Reads all available data as a String object.
  • readStringUntil – Reads a String until the stop symbol.
  • peek – Returns the next byte without removing it from the buffer, or -1 if none available.

Certificate and Security Configuration

These methods configure security settings, including certificates, keys, and validation options, for secure connections.

  • setCACert – Sets the root Certificate Authority (CA) certificate for server verification.
  • setCertificate – Sets the client certificate for mutual TLS authentication.
  • setPrivateKey – Sets the client’s private key for mutual TLS authentication.
  • loadCACert – Loads a root CA certificate from a stream (e.g., file or memory) for server verification.
  • loadCertificate – Loads a client certificate from a stream for mutual authentication.
  • loadPrivateKey – Loads a private key from a stream for mutual authentication.
  • setPreSharedKey – Sets the pre-shared key (PSK) identity and key for PSK-based authentication.
  • setInsecure – Disables certificate chain validation, so the server's identity is not verified and the connection is highly insecure (use with caution).
  • verify – Verifies the server’s certificate fingerprint against the specified domain name.

TLS/SSL Protocol Configuration

These methods configure advanced TLS/SSL options, such as handshake timeouts and protocol upgrades.

  • setHandshakeTimeout – Sets the maximum time (in milliseconds) allowed for the TLS handshake to complete.
  • setAlpnProtocols – Sets the Application-Layer Protocol Negotiation (ALPN) protocols for the connection.
  • setPlainStart – Enables plain-text mode at the start of the connection, requiring a manual TLS upgrade.
  • stillInPlainStart – Returns true if the connection is still in plain-text mode before a TLS upgrade.
  • startTLS – Upgrades the connection from plain-text to TLS/SSL when in plain-start mode.