ESP32 WiFiClientSecure Library – connected

Home / References / ESP32 Library / WiFiClientSecure

Description

The connected method in the WiFiClientSecure library checks if the secure TCP connection to a server remains active. It is used to verify that the TLS connection is still open, allowing data exchange, which is critical for reliable communication in IoT applications.

Syntax and Usage

The connected method has a single usage without arguments. Below is the syntax with an example:

Checking Connection Status

client.connected()

Returns whether the secure connection is still active, often used in loops to process server responses.

For practical applications and examples of this method, please consult the “Example Code” section on this page. This section provides comprehensive guidance to help you better understand and apply the method effectively.

Argument(s)

This method does not require any arguments. It assesses the current state of the WiFiClientSecure object, determining if the TLS connection to the server is still operational.

Return Value

The connected method returns a boolean value:

• true: The secure connection is active, and data can still be sent or received.
• false: The connection is closed or was never established, indicating no further communication is possible.

Example Codes

Below is an example code demonstrating the usage of the connected method, adapted from the reference code provided.

Example: Monitoring Connection with connected

This example establishes a secure connection to www.howsmyssl.com, sends an HTTPS GET request, and uses connected to monitor the connection while reading the server’s response headers.

ATTENTION: The Root CA certificate has an expiration date. If this code fails to execute, acquire the most up-to-date Root CA certificate. To find out more details about how to acquire the Root CA certificate of www.howsmyssl.com, please check out this link below:
How to Acquire the Root CA Certificate

/*
 * Author: Avant Maker
 * Date: February 24, 2025
 * Version: 1.0
 *
 * Description: This example establishes a secure connection
 * to www.howsmyssl.com, sends an HTTPS GET request, and
 * uses ESP32 WiFiClientSecure Library's connected method
 * to monitor the connection while reading the server's
 * responses.
 * 
 * 
 * ATTENTION: The Root CA certificate has an expiration date.
 * If this code fails to execute, acquire the most up-to-date
 * Root CA certificate.
 * To find out more details about how to acquire the Root CA
 * certificate of www.howsmyssl.com, please check out this link below:
 *
 * https://avantmaker.com/references/esp32-arduino-core-index/esp32-wificlientsecure-library/how-to-acquire-the-root-ca-certificate/
 *
 * License: MIT 
 * 
 * Code Source: This example code is sourced from the Comprehensive 
 * Guide to the ESP32 Arduino Core Library, accessible on 
 * AvantMaker.com. For additional code examples and in-depth 
 * documentation related to the ESP32 Arduino Core Library, 
 * please visit:
 *
 * https://avantmaker.com/references/esp32-arduino-core-index/
 *
 * AvantMaker.com, your premier destination for all things 
 * DIY, AI, IoT, Smart Home, and STEM projects. We are dedicated 
 * to empowering makers, learners, and enthusiasts with the resources
 * they need to bring their innovative ideas to life.
 */

#include <WiFi.h>
#include <NetworkClientSecure.h>

// WiFi credentials
const char* wifiName = "Your-WiFi-SSID";         // Your WiFi SSID
const char* wifiPass = "Your-WiFi-Password";   // Your WiFi password
// Server details
const char* targetServer = "www.howsmyssl.com";  // Target server URL

// Root CA certificate for www.howsmyssl.com (update with your server's CA if different)
const char* rootCACert = R"literal(
-----BEGIN CERTIFICATE-----
MIIFBTCCAu2gAwIBAgIQS6hSk/eaL6JzBkuoBI110DANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy
Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa
Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF
bmNyeXB0MQwwCgYDVQQDEwNSMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDPV+XmxFQS7bRH/sknWHZGUCiMHT6I3wWd1bUYKb3dtVq/+vbOo76vACFL
YlpaPAEvxVgD9on/jhFD68G14BQHlo9vH9fnuoE5CXVlt8KvGFs3Jijno/QHK20a
/6tYvJWuQP/py1fEtVt/eA0YYbwX51TGu0mRzW4Y0YCF7qZlNrx06rxQTOr8IfM4
FpOUurDTazgGzRYSespSdcitdrLCnF2YRVxvYXvGLe48E1KGAdlX5jgc3421H5KR
mudKHMxFqHJV8LDmowfs/acbZp4/SItxhHFYyTr6717yW0QrPHTnj7JHwQdqzZq3
DZb3EoEmUVQK7GH29/Xi8orIlQ2NAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG
MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/
AgEAMB0GA1UdDgQWBBS7vMNHpeS8qcbDpHIMEI2iNeHI6DAfBgNVHSMEGDAWgBR5
tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG
Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD
VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B
AQsFAAOCAgEAkrHnQTfreZ2B5s3iJeE6IOmQRJWjgVzPw139vaBw1bGWKCIL0vIo
zwzn1OZDjCQiHcFCktEJr59L9MhwTyAWsVrdAfYf+B9haxQnsHKNY67u4s5Lzzfd
u6PUzeetUK29v+PsPmI2cJkxp+iN3epi4hKu9ZzUPSwMqtCceb7qPVxEbpYxY1p9
1n5PJKBLBX9eb9LU6l8zSxPWV7bK3lG4XaMJgnT9x3ies7msFtpKK5bDtotij/l0
GaKeA97pb5uwD9KgWvaFXMIEt8jVTjLEvwRdvCn294GPDF08U8lAkIv7tghluaQh
1QnlE4SEN4LOECj8dsIGJXpGUk3aU3KkJz9icKy+aUgA+2cP21uh6NcDIS3XyfaZ
QjmDQ993ChII8SXWupQZVBiIpcWO4RqZk3lr7Bz5MUCwzDIA359e57SSq5CCkY0N
4B6Vulk7LktfwrdGNVI5BsC9qqxSwSKgRJeZ9wygIaehbHFHFhcBaMDKpiZlBHyz
rsnnlFXCb5s8HKn5LsUgGvB24L7sGNZP2CX7dhHov+YhD+jozLW2p9W4959Bz2Ei
RmqDtmiXLnzqTpXbI+suyCsohKRg6Un0RC47+cpiVwHiXZAW+cn8eiNIjqbVgXLx
KPpdzvvtTnOPlC7SQZSYmdunr3Bf9b77AiC/ZidstK36dRILKz7OA54=
-----END CERTIFICATE-----
)literal";

// Optional: Add client certificate and key for mutual TLS if needed
// const char* clientCertKey = "";
// const char* clientCert = "";

NetworkClientSecure secureClient;

void connectToWiFi() {
  Serial.print("Connecting to WiFi: ");
  Serial.println(wifiName);
  
  WiFi.begin(wifiName, wifiPass);
  
  while (WiFi.status() != WL_CONNECTED) {
    Serial.print("-");
    delay(500);  // Adjusted delay for visual difference
  }
  
  Serial.println("\nWiFi connection established!");
  Serial.println(wifiName);
}

void performSecureRequest() {
  secureClient.setCACert(rootCACert);
  // Uncomment below for client certificate authentication
  // secureClient.setCertificate(clientCert);
  // secureClient.setPrivateKey(clientCertKey);

  Serial.println("\nInitiating secure connection...");
  
  if (!secureClient.connect(targetServer, 443)) {
    Serial.println("Failed to connect to server! Check the code description for solution.");
    return;
  }
  
  Serial.println("Successfully connected to server!");
  
  // Send HTTP GET request
  secureClient.println("GET https://www.howsmyssl.com/a/check HTTP/1.1");
  secureClient.print("Host: ");
  secureClient.println(targetServer);
  secureClient.println("Connection: close");
  secureClient.println();

  // Check connection status and process server response
  while (secureClient.connected()) {
    String responseLine = secureClient.readStringUntil('\n');
    if (responseLine == "\r") {
      Serial.println("Response headers received");
      break;
    }
  }

  // Display response body
  while (secureClient.available()) {
    char character = secureClient.read();
    Serial.print(character);
  }

  secureClient.stop();
  Serial.println("\nConnection closed");
}

void setup() {
  Serial.begin(115200);
  delay(200);  // Slight delay for serial stabilization

  connectToWiFi();
  
  performSecureRequest();
}

void loop() {
  // Idle loop - no operations needed
}

Understanding Example Code Output from ESP32

When you run the Example Code on your ESP32 and it successfully connects to www.howsmyssl.com, the Serial Monitor will display detailed information about the secure connection.

To help you understand the example code, the following is a breakdown of the Serial Monitor output when you run this code on an ESP32:

This output is a JSON response from the server’s endpoint https://www.howsmyssl.com/a/check, which provides details about the TLS connection established by your ESP32. We’ll explain each key component in a clear manner below.

Serial Monitor Output Recap

Upon successful execution of the code on your ESP32 board, the Serial Monitor should display the following output:

Connected to WiFi
Connected to server!
Headers received
{
  "given_cipher_suites": [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CCM",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
    "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
    "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
    "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_256_CCM",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CCM_8",
    "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",
    "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
    "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
    "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
    "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",
    "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
    "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
    "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",
    "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",
    "TLS_RSA_WITH_ARIA_256_GCM_SHA384",
    "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",
    "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",
    "TLS_RSA_WITH_ARIA_256_CBC_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CCM",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CCM_8",
    "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",
    "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
    "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
    "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
    "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
    "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
    "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
    "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",
    "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",
    "TLS_RSA_WITH_ARIA_128_GCM_SHA256",
    "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",
    "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",
    "TLS_RSA_WITH_ARIA_128_CBC_SHA256",
    "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
  ],
  "ephemeral_keys_supported": true,
  "session_ticket_supported": true,
  "tls_compression_supported": false,
  "unknown_cipher_suite_supported": false,
  "beast_vuln": false,
  "able_to_detect_n_minus_one_splitting": false,
  "insecure_cipher_suites": {},
  "tls_version": "TLS 1.2",
  "rating": "Probably Okay"
}
Connection closed

This is the response from www.howsmyssl.com/a/check, followed by a message from your code indicating the connection has ended.

What Does This Mean for Your ESP32 Project?

• Security: Your ESP32 established a secure TLS 1.2 connection with www.howsmyssl.com using a modern, safe cipher suite (likely one with ECDHE and AES_GCM based on the list). The lack of insecure cipher suites and vulnerabilities like BEAST ensures it’s suitable for IoT demos.
• Functionality: The support for ephemeral keys and session tickets enhances security and efficiency, making this a good example for AvantMaker.com’s audience of makers and learners.
• Purpose: This output validates that your code (and the Root CA certificate) worked correctly to authenticate and communicate with the server, a key step in IoT projects requiring HTTPS.

Explanation of the JSON Response

The JSON object contains several fields that describe the TLS capabilities and security status of the connection as seen by the server. Here’s what each field means:

1. "given_cipher_suites"
   • Value: A list of cipher suites supported by your ESP32 client (e.g., "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", etc., ending with "TLS_EMPTY_RENEGOTIATION_INFO_SCSV").
   • Meaning: These are the cryptographic algorithms your ESP32 offered to the server for securing the connection. Each cipher suite defines:
     • Key Exchange: How the encryption keys are shared (e.g., ECDHE for Ephemeral Elliptic Curve Diffie-Hellman, RSA for RSA key exchange).
     • Authentication: How the server proves its identity (e.g., ECDSA or RSA).
     • Encryption: The symmetric encryption algorithm (e.g., AES_256_GCM, CAMELLIA_128_CBC).
     • Integrity: The hash function for data integrity (e.g., SHA384, SHA256).
   • Example Breakdown:
     • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: Uses ECDHE for key exchange, ECDSA for authentication, AES-256 in GCM mode for encryption, and SHA-384 for integrity.
     • TLS_EMPTY_RENEGOTIATION_INFO_SCSV: A pseudo-cipher suite signaling support for secure renegotiation, not an actual encryption method.
   • Significance: The server selects one of these for the connection. The list shows your ESP32’s TLS capabilities via the NetworkClientSecure library.
2. "ephemeral_keys_supported": true
   • Meaning: Indicates that your ESP32 supports ephemeral key exchange (e.g., ECDHE or DHE), which provides Forward Secrecy. This means that even if a private key is compromised later, past session data remains secure because the session keys are temporary.
   • Significance: This is a strong security feature, ensuring robust protection for IoT applications.
3. "session_ticket_supported": true
   • Meaning: Your ESP32 supports TLS session tickets, a mechanism for resuming previous TLS sessions without a full handshake, improving performance.
   • Significance: Useful for IoT devices like the ESP32 to reduce connection overhead in repeated communications.
4. "tls_compression_supported": false
   • Meaning: Your ESP32 does not support TLS compression.
   • Significance: Compression is disabled by default in modern TLS implementations due to security vulnerabilities like the CRIME attack. This is a good security practice.
5. "unknown_cipher_suite_supported": false
   • Meaning: No unrecognized or unsupported cipher suites were offered by your ESP32.
   • Significance: Ensures compatibility and clarity in the TLS handshake process.
6. "beast_vuln": false
   • Meaning: Your connection is not vulnerable to the BEAST (Browser Exploit Against SSL/TLS) attack, which affects CBC-based cipher suites in TLS 1.0.
   • Significance: Since you’re using TLS 1.2 (see below) and likely a secure cipher suite, this vulnerability doesn’t apply.
7. "able_to_detect_n_minus_one_splitting": false
   • Meaning: Indicates whether the client can detect a specific mitigation technique for BEAST-like attacks (N-1 splitting). Since it’s false, your ESP32 doesn’t signal this capability.
   • Significance: This is less relevant with TLS 1.2 and modern cipher suites, so it’s not a concern here.
8. "insecure_cipher_suites": {}
   • Meaning: An empty object means no insecure cipher suites were detected in your ESP32’s offered list.
   • Significance: Confirms that your configuration avoids weak or deprecated cryptography, enhancing security for your projects.
9. "tls_version": "TLS 1.2"
   • Meaning: The TLS protocol version negotiated between your ESP32 and the server is TLS 1.2.
   • Significance: TLS 1.2 is widely supported and secure (though TLS 1.3 is the latest standard). The ESP32’s NetworkClientSecure library defaults to TLS 1.2, which is suitable for most IoT applications as of March 2025.
10. "rating": "Probably Okay"
    • Meaning: The server’s overall assessment of your TLS configuration. “Probably Okay” indicates a secure setup with no major issues, though it might not be the absolute strongest possible (e.g., lacking TLS 1.3).
    • Significance: Your ESP32’s TLS setup is functional and safe for demo purposes, aligning with AvantMaker.com’s goal of empowering makers with practical examples.
11. Connection closed
    • Meaning: This is a timestamp and message from your ESP32 code (added in performSecureRequest()), indicating that the TLS connection was successfully terminated after receiving the response.
    • Significance: Confirms the code executed as expected, closing the connection cleanly.