From 7277e03071ff194679306aaf59728af8150f1b5c Mon Sep 17 00:00:00 2001
From: "Alexander D. Kanevskiy" <kad@kad.name>
Date: Fri, 13 Feb 2026 14:33:52 +0200
Subject: [PATCH] Allow SSL connections to older devices

With recent firmware updates for older devices (like C120)
the embedded SSL certificate on the deivce is RSA 1024 type,
which is considered insecure nowadays.

 0 s:CN=TPRI-DEVICE, O=TPRI, C=US
   i:CN=TPRI-DEVICE, O=TPRI, C=US
   a:PKEY: RSA, 1024 (bit); sigalg: sha256WithRSAEncryption
   v:NotBefore: Jan  1 00:00:00 2001 GMT; NotAfter: Dec 31 23:59:59 2070 GMT

This fix add cipher used by TP-Link to list of allowed ones.

Related: https://github.com/home-assistant/core/issues/162498
Signed-off-by: Alexander D. Kanevskiy <kad@kad.name>
---
 kasa/transports/sslaestransport.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kasa/transports/sslaestransport.py b/kasa/transports/sslaestransport.py
index eeb298099..6473aa1e3 100644
--- a/kasa/transports/sslaestransport.py
+++ b/kasa/transports/sslaestransport.py
@@ -73,6 +73,7 @@ class SslAesTransport(BaseTransport):
     }
     CIPHERS = ":".join(
         [
+            "ECDHE-RSA-AES128-GCM-SHA256",
             "AES256-GCM-SHA384",
             "AES256-SHA256",
             "AES128-GCM-SHA256",