Writing an SSL HTTPS web server ...

The use case that I'm working on is the notion of bootstrapping network connectivity of an Espruino device. Imagine I have an Espruino device which I take with me to my friends house. He has WiFi and is willing to let me have his SSID and password. However, my Espruino has no screen or input source to allow me to enter that information so it can connect to his WiFi. So when Espruino starts, it looks at the list of found SSIDs, realizes that it doesn't know how to connect to any of them and then the Espruino becomes an access point.

Now .. on my phone, I see the Espruino as a target table access point. I connect my phone to the Espruino and then bring up a browser (on my phone). I am presented with the list of found access points ... I select the one I want to use and enter the password. That is transmitted to the Espruino which says "thank you very much" and now stops being an access point and becomes a station.

All good ...

However, I am trying to think of objections folks may have to that technique (also looking for better techniques myself). One is that the password for the WiFi flows over a network to the Espruino so that it can login. I was thinking that if the browser (on the phone) made an SSL connection to Espruino, there would be an ounce more security. I don't know if WiFi traffic is already encrypted (I would guess not). In principle one could then packet sniff and see the password flowing in the clear between my browser and my Espruino. If the Espruino had HTTPS support, that issue would appear to be moot.

Again ... so far this is all a theoretical story ... but it got me curious about what if anything in Espruino might be presented for server side SSL. I had failed to note that outbound SSL was baked into Espruino and was delighted when it "just worked".