From 3093c7615dee0ae55d0bbda7dff709a062843e31 Mon Sep 17 00:00:00 2001 From: Anton Gladky Date: Fri, 10 May 2024 22:13:47 +0200 Subject: [PATCH] Update information abour letsencrypt certificate --- docs/TLS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/TLS.md b/docs/TLS.md index 8943ceea11..894c54c28d 100644 --- a/docs/TLS.md +++ b/docs/TLS.md @@ -5,7 +5,7 @@ Starting with version 10.0.0.4, TLS now support dual mode, depending of the value of `SetOption132`: - `SetOption132 0` (default): the server's identity is checked against pre-defined Certificate Authorities. There is no further configuration needed. Tasmota includes the following CAs: - - [LetsEncrypt R3 certificate](https://letsencrypt.org/certificates/), RSA 2048 bits SHA 256, valid until 20250915 + - [LetsEncrypt ISRG Root X1 certificate](https://letsencrypt.org/certificates/), RSA 4096 bits SHA 256, valid until 20350604 - [Amazon Root CA](https://www.amazontrust.com/repository/), RSA 2048 bits SHA 256, valid until 20380117, used by AWS IoT - `SetOption132 1`: Fingerprint validation. This method works for any server certificate, including self-signed certificates. The server's public key is hashed into a fingerprint and compared to a pre-recorded value. This method is more universal but requires an additional configuration (see below)