From 97f4130ad20e0b818fe94b91da411c3cfa36219f Mon Sep 17 00:00:00 2001 From: Rahul Tank Date: Thu, 22 Sep 2022 16:15:20 +0530 Subject: [PATCH] Wifi Prov: Disabled the default support for BLE Encryption on characteristics read/write By default, disabled the BLE Encryption requirement for provisioning characteristic. With this flag enabled, when remote attempts to read and if the ACL link is not encrypted, ESP device will return Insufficient Authentication. It is remote device responsibility to go for link encryption which may result in pairing. Some devices do not proceed for any pairing and just show failure pop-up. Also, user needs to remove bonding on remote phone manually and then try again. This is causing bad user experience. End user can enable it as per their use case. --- components/wifi_provisioning/Kconfig | 2 -- examples/provisioning/wifi_prov_mgr/README.md | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/components/wifi_provisioning/Kconfig b/components/wifi_provisioning/Kconfig index ecffba90511..63f2052af30 100644 --- a/components/wifi_provisioning/Kconfig +++ b/components/wifi_provisioning/Kconfig @@ -19,7 +19,6 @@ menu "Wi-Fi Provisioning Manager" bool prompt "Enable BLE bonding" depends on BT_ENABLED - default y help This option is applicable only when provisioning transport is BLE. @@ -34,7 +33,6 @@ menu "Wi-Fi Provisioning Manager" config WIFI_PROV_BLE_FORCE_ENCRYPTION bool prompt "Force Link Encryption during characteristic Read / Write" - default y help Used to enforce link encryption when attempting to read / write characteristic diff --git a/examples/provisioning/wifi_prov_mgr/README.md b/examples/provisioning/wifi_prov_mgr/README.md index 3f7d33ef15b..0e38eccc21c 100644 --- a/examples/provisioning/wifi_prov_mgr/README.md +++ b/examples/provisioning/wifi_prov_mgr/README.md 
@@ -339,13 +339,13 @@ $IDF_PATH/components/esptool_py/esptool/esptool.py erase_region 0x9000 0x6000 ### Bluetooth Pairing Request during provisioning -ESP-IDF now enforces link encryption requirement while performing GATT write on characteristics of provisioning service. This results in a pairing pop-up dialog, if link is not encrypted. This feature is enabled by default. In order to disable this feature and fallback to earlier behaviour of no pairing pop up during provisioning, please set CONFIG_WIFI_PROV_BLE_FORCE_ENCRYPTION=n in the sdkconfig or unselect the configuration using "idf.py menuconfig" . +ESP-IDF now has functionality to enforce link encryption requirement while performing GATT write on characteristics of provisioning service. This will however result in a pairing pop-up dialog, if link is not encrypted. This feature is disabled by default. In order to enable this feature, please set `CONFIG_WIFI_PROV_BLE_FORCE_ENCRYPTION=y` in the sdkconfig or select the configuration using "idf.py menuconfig" . ``` Component Config --> Wi-Fi Provisioning Manager --> Force Link Encryption during Characteristic Read/Write ``` -Recompiling the application with above changes should suffice to disable this functionality. +Recompiling the application with above changes should suffice to enable this functionality. ### Unsupported platform
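Review bot: The first Kconfig hunk (`@@ -19,7 +19,6 @@`) drops `default y` from the "Enable BLE bonding" option, but neither the subject nor the commit message mentions bonding; they only describe the encryption requirement on characteristic read/write. Either state in the commit message that the bonding default is being turned off as well and why, or move this change to its own commit so that the bonding behaviour change can be reviewed and reverted independently of the encryption one.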
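Review bot: In the second Kconfig hunk (`@@ -34,7 +33,6 @@`), removing `default y` from `WIFI_PROV_BLE_FORCE_ENCRYPTION` leaves the option with the implicit Kconfig default of `n`, so any build that does not set it explicitly now accepts reads and writes on the provisioning characteristics over an unencrypted link, and the help text is unchanged. Please write `default n` explicitly so the intent is visible in the file, and extend the help text to say that the option is off by default and that enabling it makes the device return Insufficient Authentication on an unencrypted link, as the commit message describes.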
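Review bot: In the README hunk (`@@ -339,13 +339,13 @@`), the rewritten paragraph still says the requirement applies "while performing GATT write", while the Kconfig prompt is "Force Link Encryption during characteristic Read / Write" and the commit message describes the read case. Suggest "GATT read / write" so the README matches the option it documents. The paragraph also does not tell readers upgrading from a release where this was on by default that encryption enforcement is now off unless they set `CONFIG_WIFI_PROV_BLE_FORCE_ENCRYPTION=y`; one sentence noting that change of default would help. Minor: there is a stray space before the full stop after "idf.py menuconfig".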