Trying to access the Homey using SSL makes for a NASTY surprise…
```
# nmap 192.168.11.21 -Pn
Starting Nmap 7.92 ( https://nmap.org ) at 2022-09-20 08:40 CEST
Nmap scan report for homey-61d5XXXXXcbb2e.XXXXXXX (192.168.XXX.XXX)
Host is up (0.015s latency).
Not shown: 996 closed tcp ports (reset)
PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
443/tcp open  https
MAC Address: 90:E8:68:XX:XX:XX (AzureWave Technology)
```
```
# curl -v https://192.168.XX.XX
* Trying 192.168.XX.XX:443...
* Connected to 192.168.XX.XX (192.168.XX.XX) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
```
SSLv3 … that was thrown in the trash bin several years ago (anyone remember Heartbleed?).
TLSv1.3 is the actual minimal level for SSL; TLSv1.2 has been on the back burner for over a year due to the same weakness as Heartbleed. Alas, not all devices can use TLSv1.3 yet, so TLSv1.2 is still allowed when there is nothing else.
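For reading the numbers in the `curl -v` output above, here is an added example (not part of the original post) that decodes the alert value `552` and the packed error code `14094410`. It assumes the OpenSSL 1.x error layout (8-bit library, 12-bit function, 12-bit reason) and carries only a subset of the TLS alert table; the function names are hypothetical.

```python
import re

# Subset of TLS alert descriptions (RFC 8446, section 6).
ALERTS = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
          42: "bad_certificate", 47: "illegal_parameter", 48: "unknown_ca",
          70: "protocol_version", 71: "insufficient_security",
          80: "internal_error", 112: "unrecognized_name",
          120: "no_application_protocol"}
LEVELS = {1: "warning", 2: "fatal"}
SSL_AD_REASON_OFFSET = 1000  # OpenSSL: reason = 1000 + alert number for alerts sent by the peer

def decode_curl_alert(n):
    """curl -v prints a TLS alert as (level << 8) | description."""
    level, desc = n >> 8, n & 0xFF
    return LEVELS.get(level, f"level {level}"), desc, ALERTS.get(desc, "unknown")

def decode_openssl_error(code_hex):
    """Unpack an OpenSSL 1.x error code (assumed layout: lib, func, reason)."""
    code = int(code_hex, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = reason - SSL_AD_REASON_OFFSET if reason >= SSL_AD_REASON_OFFSET else None
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert}

def analyse(verbose_output):
    """Find the alert line and the error code in curl -v text and decode both."""
    result = {}
    m = re.search(r"\((IN|OUT)\), TLS alert, [^(]*\((\d+)\)", verbose_output)
    if m:
        result["direction"] = m.group(1)  # IN = sent by the server
        result["alert"] = decode_curl_alert(int(m.group(2)))
    m = re.search(r"error:([0-9A-Fa-f]{8}):", verbose_output)
    if m:
        result["openssl"] = decode_openssl_error(m.group(1))
    return result

# Sample input: the relevant lines of the curl output shown in the post.
SAMPLE = """\
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
"""

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

Both numbers decode to the same event: a fatal alert 40 (`handshake_failure`) received from the server in reply to the Client Hello. To see which protocol versions the device does accept, repeat the request with curl's `--tlsv1.2 --tls-max 1.2` options.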