It's true, Bifrost currently does not support TLS for z2m websockets.
While it's possible to enable the "tls" feature for the websocket crate (and I'll probably do that in a future update), it's only part of the puzzle.
Since z2m certificates are (very commonly) self-signed, we'd also need a way for the user to specify the security criteria. For instance, whether self-signed certificates are accepted, and if not, which certificates are trusted.
Without certificate-based authentication of servers, there's not that much advantage to running TLS, from a security point of view.
I assume enabling the regular, non-TLS websocket is not an option for you?
Right, my entire automation environment today uses valid certificates issued by a certification authority.
Even my local environment is fully resolved via FQDN (subdomain.domain.com), including mqtt, homeassistant, and z2m, without the need for a reverse proxy.
With valid certificates, in most cases, the certificate chain embedded in operating systems itself resolves the handshake.
Because of this, I find it a bit difficult to use without support for Web Socket Secure.
But I’ll keep following along and eagerly awaiting the improvement. ;)
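The trust criteria discussed in this thread (OS trust store for CA-issued certificates, a user-supplied CA file or a pinned certificate for self-signed ones), sketched with Python's standard `ssl` module. This is an added example, not Bifrost code; the mode names and function names are hypothetical.

```python
import hashlib
import hmac
import ssl

# Hypothetical trust modes a client could expose for a wss:// backend.
SYSTEM_ROOTS, CUSTOM_CA, PINNED_CERT = "system", "custom-ca", "pinned"


def build_context(mode, ca_file=None):
    """Return an SSLContext for the chosen trust mode."""
    if mode == SYSTEM_ROOTS:
        # CA-issued certificate: OS trust store plus hostname verification.
        return ssl.create_default_context()
    if mode == CUSTOM_CA:
        # Self-signed or private CA: trust only what the user supplied.
        if not ca_file:
            raise ValueError("custom-ca mode needs ca_file")
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and hostname
        ctx.load_verify_locations(cafile=ca_file)
        return ctx
    if mode == PINNED_CERT:
        # Chain validation is off here, so the pin check below is mandatory.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    raise ValueError(f"unknown trust mode: {mode!r}")


def pin_matches(peer_cert_der, pinned_sha256_hex):
    """Compare the SHA-256 of the server's DER certificate with the pin."""
    actual = hashlib.sha256(peer_cert_der or b"").hexdigest()
    expected = pinned_sha256_hex.replace(":", "").lower()
    return hmac.compare_digest(actual.encode(), expected.encode())


def connect_checked(sock, host, mode, ca_file=None, pin=None):
    """Wrap a connected socket; raise unless the server was authenticated."""
    tls = build_context(mode, ca_file).wrap_socket(sock, server_hostname=host)
    if mode == PINNED_CERT:
        der = tls.getpeercert(binary_form=True)  # returned even without validation
        if not pin_matches(der, pin or ""):
            tls.close()
            raise ssl.SSLError("server certificate does not match the pin")
    return tls
```

In the two verifying modes the name passed as `host` must appear in the certificate, so connecting by IP address (as in the log below) only works if the certificate carries that IP as a subject alternative name.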
Cannot connect Z2M instance with Web Socket Secure:
2025-03-13T01:17:39.453Z INFO bifrost::backend::z2m > [z2m00] Connecting to wss://10.0.0.100/api?token=your-secret-token
2025-03-13T01:17:39.455Z ERROR bifrost::backend::z2m > [z2m00] Connect failed: Url(TlsFeatureNotEnabled)