From da1e8bddee634c27af8ddd38d811682d3d4ae3ec Mon Sep 17 00:00:00 2001
From: valmir1989 <valmir.haxhiu@outlook.de>
Date: Sun, 17 Aug 2025 12:43:45 +0200
Subject: [PATCH 01/18] Update HeatPumpType.md

Issue #702.
---
 HeatPumpType.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/HeatPumpType.md b/HeatPumpType.md
index 114fec8e..52cea7f6 100644
--- a/HeatPumpType.md
+++ b/HeatPumpType.md
@@ -60,6 +60,7 @@ Assuming that bytes from #129 to #138 are unique for each model of Aquarea heat
 |53 | 42 D4 0B 83 71 32 D2 0C 44 55 | WH-ADC0309J3E5C | WH-UD03JE5 | KIT-ADC03JE5C-S | 3.2 | 1ph | HP - All-In-One Compact |
 |54 | E2 CF 0C 74 09 12 D0 0E 94 05 | WH-ADC0916H9E8 | WH-UX09HE8 | KIT-AXC9HE8 | 9 | 3ph | T-CAP - All-In-One |
 |55 | 12 D7 0D 98 11 33 94 0C 83 10 | WH-ADC0316M9E8AN2 | WH-WXG09ME8 | Monoblock | 9 | 2ph | T-CAP - M-series DHW 185l |
+|56 | 12 D7 01 18 21 33 94 0C 83 10 | WH-CME8 + CZ-NS7P | WH-WXG09ME8 | Monoblock| 9 | 3ph | T-CAP - M-series |
 
 All bytes are used for Heat Pump model identification in the code.
 

From 86f7cfadaa8d878b8acadbac5b0265fe561b9ce4 Mon Sep 17 00:00:00 2001
From: Bart van der Velden <b.vandervelden@pocos.nl>
Date: Tue, 2 Sep 2025 17:00:57 +0200
Subject: [PATCH 02/18] Add KIT-SDC07KE5 and missing trailing pipe

---
 HeatPumpType.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/HeatPumpType.md b/HeatPumpType.md
index 114fec8e..6cd6b3ae 100644
--- a/HeatPumpType.md
+++ b/HeatPumpType.md
@@ -36,7 +36,7 @@ Assuming that bytes from #129 to #138 are unique for each model of Aquarea heat
 |29 | E2 CF 0B 83 05 12 D0 0D 92 05 | WH-SQC12H9E8 | WH-UQ12HE8 | KIT-WQC12H9E8 | 12 | 3ph | T-CAP - Super Quiet |
 |30 | E2 CF 0C 78 09 12 D0 0B 06 11 | WH-SXC12H6E5 | WH-UX12HE5 | KIT-WXC12H6E5 | 12 | 1ph | T-CAP |
 |31 | C2 D3 0C 35 65 B2 D3 0B 96 65 | Monoblock | WH-MDC09J3E5 | Monoblock | 9 | 1ph | HP (new version?) |
-|32 | 32 D4 0B 99 77 62 90 0B 01 78 | Monoblock | WH-MXC09J3E5 | Monoblock | 9 | 1ph | T-CAP
+|32 | 32 D4 0B 99 77 62 90 0B 01 78 | Monoblock | WH-MXC09J3E5 | Monoblock | 9 | 1ph | T-CAP |
 |33 | 42 D4 0B 15 76 12 D0 0B 10 11 | WH-ADC1216H6E5C | WH-UD12HE5 | KIT-ADC12HE5C-CL | 12 | 1ph| HP - All-In-One Compact |
 |34 | E2 D5 0C 29 99 83 92 0C 28 98 | WH-ADC0509L3E5 | WH-WDG07LE5 | KIT-ADC07L3E5 | 7 | 1ph | HP - All-In-One L-series |
 |35 | E2 CF 0D 85 05 12 D0 0E 94 05 | WH-SXC09H3E8 | WH-UX09HE8 | KIT-WXC09H3E8 | 9 | 3ph | T-CAP - new version |
@@ -60,6 +60,7 @@ Assuming that bytes from #129 to #138 are unique for each model of Aquarea heat
 |53 | 42 D4 0B 83 71 32 D2 0C 44 55 | WH-ADC0309J3E5C | WH-UD03JE5 | KIT-ADC03JE5C-S | 3.2 | 1ph | HP - All-In-One Compact |
 |54 | E2 CF 0C 74 09 12 D0 0E 94 05 | WH-ADC0916H9E8 | WH-UX09HE8 | KIT-AXC9HE8 | 9 | 3ph | T-CAP - All-In-One |
 |55 | 12 D7 0D 98 11 33 94 0C 83 10 | WH-ADC0316M9E8AN2 | WH-WXG09ME8 | Monoblock | 9 | 2ph | T-CAP - M-series DHW 185l |
+|56 | E2 D5 0B 08 95 02 D6 0F 67 95 | WH-SDC0309K3E5 | WH-UDZ07KE5 | KIT-SDC07KE5 | 7 | 1ph | HP - split K-series (sold in Poland) |
 
 All bytes are used for Heat Pump model identification in the code.
 

From b270f331b4e55c820844355a7cc8a1b7e8181ad6 Mon Sep 17 00:00:00 2001
From: CurlyMoo <curlymoo1@gmail.com>
Date: Wed, 12 Nov 2025 16:15:30 +0100
Subject: [PATCH 03/18] Fix wrong rounding of floats

---
 HeishaMon/src/rules/functions/round.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/HeishaMon/src/rules/functions/round.cpp b/HeishaMon/src/rules/functions/round.cpp
index 64996337..a6bdc854 100755
--- a/HeishaMon/src/rules/functions/round.cpp
+++ b/HeishaMon/src/rules/functions/round.cpp
@@ -49,9 +49,9 @@ int8_t rule_function_round_callback(struct rules_t *obj) {
 
   if(modff(x, &z) == 0) {
 #ifdef DEBUG
-    printf("\tround = %d\n", (int)x);
+    printf("\tround = %d\n", round(x));
 #endif
-    rules_pushinteger(obj, x);
+    rules_pushinteger(obj, round(x));
   } else {
     if(y == 2) {
       uint8_t size = snprintf(NULL, 0, "%.*f", dec, x)+1;
@@ -63,9 +63,9 @@ int8_t rule_function_round_callback(struct rules_t *obj) {
       rules_pushfloat(obj, atof(buf));
     } else {
 #ifdef DEBUG
-      printf("\tround = %d\n", (int)x);
+      printf("\tround = %d\n", round(x));
 #endif
-      rules_pushinteger(obj, (int)x);
+      rules_pushinteger(obj, round(x));
     }
   }
 

From e29e4ceb57421c26df71f04328c369463dc65442 Mon Sep 17 00:00:00 2001
From: "Christian P." <mail@pogea.de>
Date: Mon, 17 Nov 2025 23:08:10 +0100
Subject: [PATCH 04/18] Add Quiet Mode Level configuration

Added configuration for Quiet Mode Level in aquareaHeatPump.yaml.
---
 Integrations/Openhab3/aquareaHeatPump.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Integrations/Openhab3/aquareaHeatPump.yaml b/Integrations/Openhab3/aquareaHeatPump.yaml
index b02f2c57..02d7497e 100644
--- a/Integrations/Openhab3/aquareaHeatPump.yaml
+++ b/Integrations/Openhab3/aquareaHeatPump.yaml
@@ -413,3 +413,11 @@ channels:
     configuration:
       stateTopic: panasonic_heat_pump/main/DHW_Energy_Consumption
       unit: Watt
+  - id: quietModeLevel
+    channelTypeUID: mqtt:number
+    label: Quiet Mode Level
+    configuration:
+      commandTopic: panasonic_heat_pump/commands/SetQuietMode
+      min: 0
+      stateTopic: panasonic_heat_pump/main/Quiet_Mode_Level
+      max: 3

From c6a2c64abfba088620526ef8594eff02142dbe50 Mon Sep 17 00:00:00 2001
From: confuzius0815 <136562234+confuzius0815@users.noreply.github.com>
Date: Sat, 29 Nov 2025 09:00:23 +0100
Subject: [PATCH 05/18] Update HeishaMon.ino - added TLS support-part1

Only for ESP32. The ESP8266 version is hardly changed
---
 HeishaMon/HeishaMon.ino | 148 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 144 insertions(+), 4 deletions(-)

diff --git a/HeishaMon/HeishaMon.ino b/HeishaMon/HeishaMon.ino
index ad16a391..a0c88b29 100644
--- a/HeishaMon/HeishaMon.ino
+++ b/HeishaMon/HeishaMon.ino
@@ -132,9 +132,19 @@ static uint8_t cmdnrel = 0;
 
 
 // mqtt
+#ifdef TLS_SUPPORT
+#include <WiFiClientSecure.h>
+WiFiClientSecure mqtt_tls_client;
 WiFiClient mqtt_wifi_client;
+bool loadTlsCaFromFS(WiFiClientSecure &client);
+static bool last_tls_enabled = false;
+static bool new_ca_stored = false;
+static std::unique_ptr<char[]> persistent_ca_pem;
 PubSubClient mqtt_client;
-
+#else
+WiFiClient mqtt_wifi_client;
+PubSubClient mqtt_client(mqtt_wifi_client);
+#endif
 
 
 bool firstConnectSinceBoot = true; //if this is true there is no first connection made yet
@@ -307,6 +317,34 @@ void check_wifi() {
 }
 
 
+#ifdef TLS_SUPPORT
+bool loadTlsCaFromFS(WiFiClientSecure &client) {
+  if (!LittleFS.exists("/ca.pem")) {
+    log_message(_F("[TLS] /ca.pem not found"));
+    return false;
+  }
+  File certFile = LittleFS.open("/ca.pem", "r");
+  if (!certFile) {
+    log_message(_F("[TLS] open(/ca.pem) failed"));
+    return false;
+  }
+  size_t certSize = certFile.size();
+  if (certSize == 0) {
+    log_message(_F("[TLS] /ca.pem is empty"));
+    certFile.close();
+    return false;
+  }
+  persistent_ca_pem.reset(new char[certSize + 1]);
+  size_t n = certFile.readBytes(persistent_ca_pem.get(), certSize);
+  persistent_ca_pem[n] = '\0';
+  certFile.close();
+  client.setCACert(persistent_ca_pem.get());
+  log_message(_F("[TLS] CA loaded into client"));
+  return true;
+}
+#endif
+
+
 void mqtt_reconnect()
 {
   unsigned long now = millis();
@@ -319,6 +357,36 @@ void mqtt_reconnect()
     }
     char topic[256];
     sprintf(topic, "%s/%s", heishamonSettings.mqtt_topic_base, mqtt_willtopic);
+#ifdef TLS_SUPPORT
+    if (heishamonSettings.mqtt_tls_enabled != last_tls_enabled) {
+      mqtt_client.disconnect();
+      if (last_tls_enabled) {
+        mqtt_tls_client.stop();
+      } else {
+        mqtt_wifi_client.stop();
+        if (!loadTlsCaFromFS(mqtt_tls_client)) {
+          log_message(_F("[TLS] Proceeding without valid CA (expect failure)"));
+        }
+      }
+      last_tls_enabled = heishamonSettings.mqtt_tls_enabled;
+    }
+
+    if (new_ca_stored) {
+      log_message(_F("[TLS] Trying to load new CA ertificate"));
+      if (!loadTlsCaFromFS(mqtt_tls_client)) {
+        log_message(_F("[TLS] Proceeding without valid CA (expect failure)"));
+      }
+      new_ca_stored = false;
+    }
+    if (heishamonSettings.mqtt_tls_enabled) {
+      mqtt_client.setClient(mqtt_tls_client);
+    } else {
+      mqtt_client.setClient(mqtt_wifi_client);
+    }
+      mqtt_client.setSocketTimeout(10);
+      mqtt_client.setKeepAlive(30);
+      mqtt_client.setServer(heishamonSettings.mqtt_server, atoi(heishamonSettings.mqtt_port));
+#endif
     if (mqtt_client.connect(heishamonSettings.wifi_hostname, heishamonSettings.mqtt_username, heishamonSettings.mqtt_password, topic, 1, true, "Offline"))
     {
       mqttReconnects++;
@@ -363,6 +431,20 @@ void mqtt_reconnect()
       }
 #endif
     }
+//#ifdef TLS_SUPPORT // error state is useful in any case
+    else {
+      int8_t err = mqtt_client.state();
+      log_message(_F("MQTT connect failed, state:"));
+      switch (err) {
+        case -1: log_message(_F(" -1 → TLS handshake or network error")); break;
+        case -2: log_message(_F(" -2 → Connection timeout – cannot reach broker or CA/time error")); break;
+        case -3: log_message(_F(" -3 → Server not found or rejected")); break;
+        case -4: log_message(_F(" -4 → Connection lost")); break;
+        case -5: log_message(_F(" -5 → Check username/password")); break;
+        default: log_message(_F("    → Unknown error")); break;
+      }
+    }
+//#endif
   }
 }
 
@@ -809,6 +891,18 @@ int8_t webserver_cb(struct webserver_t *client, void *dat) {
               LittleFS.remove("/rules.new");
               client->userdata = new File(LittleFS.open("/rules.new", "a+"));
             }
+#ifdef TLS_SUPPORT
+        } else if (strcmp_P((char *)dat, PSTR("/cacert")) == 0) {
+          client->route = 165;
+          if (LittleFS.begin()) {
+            LittleFS.remove("/ca.tmp");
+            File cf = LittleFS.open("/ca.tmp", "w");
+            if (cf) {
+              client->userdata = new File(cf);
+            }
+            new_ca_stored = true;
+          }
+#endif
           } else if (strcmp_P((char *)dat, PSTR("/firmware")) == 0) {
             if (!Update.isRunning()) {
 #ifdef ESP8266
@@ -836,6 +930,10 @@ int8_t webserver_cb(struct webserver_t *client, void *dat) {
           client->route = 140;
         } else if (strcmp_P((char *)dat, PSTR("/rules")) == 0) {
           client->route = 160;
+#ifdef TLS_SUPPORT
+        } else if (strcmp_P((char *)dat, PSTR("/cacert")) == 0) {
+          client->route = 166; 
+#endif
         } else if (strcmp_P((char *)dat, PSTR("/scandallas")) == 0) {
           client->route = 180;          
         } else {
@@ -940,6 +1038,15 @@ int8_t webserver_cb(struct webserver_t *client, void *dat) {
                 f->write(args->value, args->len);
               }
             } break;
+#ifdef TLS_SUPPORT            
+          case 165: {
+              File *f = (File *)client->userdata;
+              if (f && *f && args->len > 0) {
+                  f->write((const uint8_t*)args->value, (size_t)args->len);
+              }
+              return 0;
+            } break;
+#endif
         }
       } break;
     case WEBSERVER_CLIENT_HEADER: {
@@ -1065,6 +1172,20 @@ int8_t webserver_cb(struct webserver_t *client, void *dat) {
           case 160: {
               return showRules(client);
             } break;
+#ifdef TLS_SUPPORT
+        case 165: {
+          if (client->userdata) {
+            File *pf = (File *)client->userdata;
+            pf->close();
+            delete pf;
+            client->userdata = NULL;
+          }
+          return handleCACert(client);
+        } break;
+        case 166: {
+          return showCACert(client);
+        } break; 
+#endif  
           case 170: {
               File *f = (File *)client->userdata;
               if (f) {
@@ -1127,6 +1248,9 @@ int8_t webserver_cb(struct webserver_t *client, void *dat) {
               }
             } break;
           case 160:
+#ifdef TLS_SUPPORT
+          case 165:
+#endif
           case 170: {
               if (client->userdata != NULL) {
                 File *f = (File *)client->userdata;
@@ -1270,9 +1394,21 @@ void switchSerial() {
 }
 
 void setupMqtt() {
-  mqtt_client.setClient(mqtt_wifi_client);
   mqtt_client.setBufferSize(1024);
+#ifdef TLS_SUPPORT
+  mqtt_client.setSocketTimeout(8); mqtt_client.setKeepAlive(30); //fast timeout, any slower than 10s will block the main loop too long (8s might be even safer to avoid reboots on bad wifi); short keepalive may lead to problems with TLS
+  if (heishamonSettings.mqtt_tls_enabled) {
+    if (!loadTlsCaFromFS(mqtt_tls_client)) {
+      log_message(_F("[TLS] Proceeding without valid CA (expect failure)"));
+    }
+    mqtt_client.setClient(mqtt_tls_client);
+  } else {
+    mqtt_client.setClient(mqtt_wifi_client);
+  }
+  last_tls_enabled = heishamonSettings.mqtt_tls_enabled;
+#else
   mqtt_client.setSocketTimeout(10); mqtt_client.setKeepAlive(5); //fast timeout, any slower will block the main loop too long
+#endif
   mqtt_client.setServer(heishamonSettings.mqtt_server, atoi(heishamonSettings.mqtt_port));
   mqtt_client.setCallback(mqtt_callback);
 }
@@ -1447,8 +1583,9 @@ void setup() {
   setupETH();
 #endif
 
-  loggingSerial.println(F("Setup MQTT..."));
-  setupMqtt();
+//  loggingSerial.println(F("Setup MQTT..."));
+//  setupMqtt();
+//shifted - TLS requires correct time
 
   loggingSerial.println(F("Setup HTTP..."));
   setupHttp();
@@ -1458,6 +1595,9 @@ void setup() {
   sntp_setoperatingmode(SNTP_OPMODE_POLL);
   sntp_init();
 
+  loggingSerial.println(F("Setup MQTT..."));
+  setupMqtt();
+
   loggingSerial.println(F("Switch serial..."));
   switchSerial(); //switch serial to gpio13/gpio15
 

From 0c42e9d6d26c956f683222db657e8776d42a9a91 Mon Sep 17 00:00:00 2001
From: confuzius0815 <136562234+confuzius0815@users.noreply.github.com>
Date: Sat, 29 Nov 2025 09:06:39 +0100
Subject: [PATCH 06/18] Update htmlcode.h added TLS support, part 2

ESP32 only. Added error handling for settings page.
---
 HeishaMon/htmlcode.h | 79 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)

diff --git a/HeishaMon/htmlcode.h b/HeishaMon/htmlcode.h
index c364e268..c3964d59 100644
--- a/HeishaMon/htmlcode.h
+++ b/HeishaMon/htmlcode.h
@@ -345,6 +345,37 @@ static const char settingsJS[] PROGMEM =
   "    }"
   "</script>";
 
+#ifdef TLS_SUPPORT
+static const char caUploadJS[] PROGMEM =
+  "<script>"
+  "  (function(){"
+  "    function uploadCA(){"
+  "      var f = document.getElementById('mqtt_ca_cert_file').files[0];"
+  "      var btn = document.getElementById('ca_upload_btn');"
+  "      var st  = document.getElementById('ca_status');"
+  "      if (!f) { st.innerText = 'Please choose a file first.'; return; }"
+  "      btn.disabled = true;"
+  "      st.innerText = 'Uploading...';"
+  "      var fd = new FormData();"
+  "      fd.append('cacert', f, f.name);"
+  "      var xhr = new XMLHttpRequest();"
+  "      xhr.onreadystatechange = function(){"
+  "        if (xhr.readyState === 4) {"
+  "          st.innerText = xhr.responseText || 'No response';"
+  "          btn.disabled = false;"
+  "          if (xhr.status === 200 && /success/i.test(st.innerText)) {"
+  "            if (typeof getSettings === 'function') { getSettings(); }"
+  "          }"
+  "        }"
+  "      };"
+  "      xhr.open('POST', '/cacert');"
+  "      xhr.send(fd);"
+  "    }"
+  "    window.uploadCA = uploadCA;"
+  "  })();"
+  "</script>";
+#endif
+
 /*static const char heatingCurveJS[] PROGMEM =
   "<script src=\"https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js\"></script>"
   "<script>"
@@ -880,6 +911,34 @@ static const char settingsForm1[] PROGMEM =
   "          <input type=\"password\" name=\"mqtt_password\" maxlength=\"64\" value=\"\">"
   "        </td>"
   "      </tr>"
+#ifdef TLS_SUPPORT
+  "      <tr>"
+  "        <td style=\"text-align:right; width: 50%\">"
+  "          Use TLS (use port 8883):</td>"
+  "        <td style=\"text-align:left\">"
+  "          <input type=\"checkbox\" id=\"mqtt_tls_enabled\" name=\"mqtt_tls_enabled\" value=\"enabled\">"
+  "        </td>"
+  "      </tr>"
+  "      <tr>"
+  "        <td style=\"text-align:right; width: 50%\">"
+  "          Root CA Certificate (PEM) - only required for TLS:</td>"
+  "        <td style=\"text-align:left\">"
+  "          <input type=\"file\" id=\"mqtt_ca_cert_file\" accept=\".pem,.crt,.cer\""
+  "                 onchange=\"document.getElementById('ca_file_name').innerText=this.files&&this.files[0]?this.files[0].name:'No file selected'\">"
+  "          <div id=\"ca_file_name\" style=\"margin-top:4px; font-size:12px; color:#666;\">No file selected</div>"
+  "        </td>"
+  "      </tr>"
+  "      <tr>"
+  "        <td></td>"
+  "        <td style=\"text-align:left\">"
+  "          <div style=\"display:flex; align-items:center; gap:8px; flex-wrap:wrap;\">"
+  "            <button type=\"button\" id=\"ca_upload_btn\" onclick=\"uploadCA()\">Upload CA</button>"
+  "            <button type=\"button\" onclick=\"window.open('/cacert','_blank')\">View / Download CA</button>"
+  "            <span id=\"ca_status\" style=\"font-style: italic; color: #555; margin-left:8px;\">No upload yet</span>"
+  "          </div>"
+  "        </td>"
+  "      </tr>"
+#endif
   "      <tr>"
   "        <td style=\"text-align:right; width: 50%\">"
   "          NTP servers (comma separated):</td>"
@@ -1282,7 +1341,15 @@ const char populategetsettingsJS[] PROGMEM =
   "  request.onreadystatechange = function(response) {"
   "    if(request.readyState === 4) {"
   "      if(request.status === 200) {"
+  "        try {"
   "        var jsonOptions = JSON.parse(request.responseText);"
+#ifdef TLS_SUPPORT
+  "        if (jsonOptions.mqtt_ca_cert) {"
+  "          document.getElementById('ca_status').innerText = jsonOptions.mqtt_ca_cert;"
+  "        } else {"
+  "          document.getElementById('ca_status').innerText = 'Unknown CA status';"
+  "        }"
+#endif
   "        for(var key in jsonOptions) {"
   "          var el = document.getElementsByName(key);"
   "          if(el.length > 0) {"
@@ -1315,6 +1382,18 @@ const char populategetsettingsJS[] PROGMEM =
   "            };"
   "          };"
   "        };"
+  "        } catch (e) {"
+  "          try { console.log('populate settings error:', e); } catch (_) {}"
+  "        } finally {"
+  "          var ls = document.getElementById('loading_settings');"
+  "          var sf = document.getElementById('settings_form');"
+  "          if (ls) ls.style.display = 'none';"
+  "          if (sf) sf.style.display = 'block';"
+  "          if (typeof changeMinWatt === 'function') {"
+  "            try { changeMinWatt(1); } catch (_) {}"
+  "            try { changeMinWatt(2); } catch (_) {}"
+  "          }"
+  "        }"
   "        document.getElementById(\"loading_settings\").style.display = \"none\";"
   "        document.getElementById(\"settings_form\").style.display = \"block\";"
   "        changeMinWatt(1);"

From e942cb1935869f68c44dba91361e8de435b9da2d Mon Sep 17 00:00:00 2001
From: confuzius0815 <136562234+confuzius0815@users.noreply.github.com>
Date: Sat, 29 Nov 2025 09:16:47 +0100
Subject: [PATCH 07/18] Update webfunctions.cpp TLS support - part 3

ESP32 only
---
 HeishaMon/webfunctions.cpp | 176 +++++++++++++++++++++++++++++++++++++
 1 file changed, 176 insertions(+)

diff --git a/HeishaMon/webfunctions.cpp b/HeishaMon/webfunctions.cpp
index 917d4451..3ec333f5 100644
--- a/HeishaMon/webfunctions.cpp
+++ b/HeishaMon/webfunctions.cpp
@@ -216,6 +216,9 @@ void loadSettings(settingsStruct *heishamonSettings) {
           if ( jsonDoc["mqtt_password"] ) strlcpy(heishamonSettings->mqtt_password, jsonDoc["mqtt_password"], sizeof(heishamonSettings->mqtt_password));
           if ( jsonDoc["ntp_servers"] ) strlcpy(heishamonSettings->ntp_servers, jsonDoc["ntp_servers"], sizeof(heishamonSettings->ntp_servers));
           if ( jsonDoc["timezone"]) heishamonSettings->timezone = jsonDoc["timezone"];
+#ifdef TLS_SUPPORT
+          heishamonSettings->mqtt_tls_enabled = ( jsonDoc["mqtt_tls_enabled"] == "enabled" ) ? true : false;
+#endif
           heishamonSettings->force_rules = ( jsonDoc["force_rules"] == "enabled" ) ? true : false;
           heishamonSettings->use_1wire = ( jsonDoc["use_1wire"] == "enabled" ) ? true : false;
           heishamonSettings->use_s0 = ( jsonDoc["use_s0"] == "enabled" ) ? true : false;
@@ -395,6 +398,13 @@ void settingsToJson(JsonDocument &jsonDoc, settingsStruct *heishamonSettings) {
   jsonDoc["mqtt_port"] = heishamonSettings->mqtt_port;
   jsonDoc["mqtt_username"] = heishamonSettings->mqtt_username;
   jsonDoc["mqtt_password"] = heishamonSettings->mqtt_password;
+#ifdef TLS_SUPPORT
+  if (heishamonSettings->mqtt_tls_enabled) {
+    jsonDoc["mqtt_tls_enabled"] = "enabled";
+  } else {
+    jsonDoc["mqtt_tls_enabled"] = "disabled";
+  }
+#endif
   if (heishamonSettings->use_1wire) {
     jsonDoc["use_1wire"] = "enabled";
   } else {
@@ -468,6 +478,90 @@ void saveJsonToFile(JsonDocument &jsonDoc, const char* filename) {
   }
 }
 
+#ifdef TLS_SUPPORT
+static bool processCAtmp_to_CAPEM(String &outMsg) {
+  outMsg = "";
+  File rf = LittleFS.open("/ca.tmp", "r");
+  if (!rf) {
+    outMsg = "Could not open /ca.tmp for reading";
+    return false;
+  }
+
+  size_t sz = rf.size();
+  if (sz == 0) {
+    outMsg = "Upload is empty";
+    rf.close();
+    return false;
+  }
+
+  if (sz > 6144) {
+    outMsg = "Uploaded file too large (>6kB)";
+    rf.close();
+    return false;
+  }
+
+  std::string s;
+  s.resize(sz);
+  size_t n = rf.readBytes(&s[0], sz);
+  rf.close();
+  s.resize(n);
+
+  // BEGIN/END check
+  const char *BEGIN_TAG = "-----BEGIN CERTIFICATE-----";
+  const char *END_TAG   = "-----END CERTIFICATE-----";
+  size_t b = s.find(BEGIN_TAG);
+  size_t e = s.find(END_TAG);
+
+  if (b == std::string::npos || e == std::string::npos) {
+    outMsg = "Uploaded certificate missing BEGIN/END";
+    return false;
+  }
+  e += strlen(END_TAG);
+
+
+  std::string cert = s.substr(b, e - b);
+  if (!cert.empty() && cert.back() != '\n') cert.push_back('\n');
+
+  if (cert.size() > 4096) {
+    outMsg = "Certificate too large (>4kB)";
+    log_message(_F("[WARN] Certificate >4kB – discarding."));
+    return false;
+  }
+
+  // Character check (PEM/Base64 + CR/LF/Space)
+  for (char c : cert) {
+    unsigned char uc = (unsigned char)c;
+    if (!(isalnum(uc) || c=='+'||c=='/'||c=='='||c=='\n'||c=='\r'||c==' '||c=='-')) {
+      outMsg = "Certificate contains invalid characters";
+      log_message(_F("[ERROR] Invalid character in certificate"));
+      return false;
+    }
+  }
+
+  File wf = LittleFS.open("/ca.pem.new", "w");
+  if (!wf) {
+    outMsg = "Could not open /ca.pem.new for writing";
+    return false;
+  }
+  size_t w = wf.write((const uint8_t*)cert.data(), cert.size());
+  wf.close();
+  if (w != cert.size()) {
+    outMsg = "Write to /ca.pem.new incomplete";
+    log_message(_F("[ERROR] Failed to write complete certificate to /ca.pem.new."));
+    LittleFS.remove("/ca.pem.new");
+    return false;
+  }
+
+  LittleFS.remove("/ca.pem");
+  LittleFS.rename("/ca.pem.new", "/ca.pem");
+  LittleFS.remove("/ca.tmp");
+
+  log_message(_F("[INFO] CA certificate stored as /ca.pem"));
+  outMsg = "CA certificate stored in filesystem";
+  return true;
+}
+#endif
+
 int saveSettings(struct webserver_t *client, settingsStruct *heishamonSettings) {
   const char *wifi_ssid = NULL;
   const char *wifi_password = NULL;
@@ -512,6 +606,10 @@ int saveSettings(struct webserver_t *client, settingsStruct *heishamonSettings)
       jsonDoc["mqtt_password"] = tmp->value;
     } else if (strcmp(tmp->name.c_str(), "use_1wire") == 0) {
       jsonDoc["use_1wire"] = tmp->value;
+#ifdef TLS_SUPPORT
+    } else if (strcmp(tmp->name.c_str(), "mqtt_tls_enabled") == 0) {
+    jsonDoc["mqtt_tls_enabled"] = tmp->value;
+#endif
     } else if (strcmp(tmp->name.c_str(), "use_s0") == 0) {
       jsonDoc["use_s0"] = tmp->value;
       if (strcmp(tmp->value.c_str(), "enabled") == 0) {
@@ -832,6 +930,26 @@ int getSettings(struct webserver_t *client, settingsStruct *heishamonSettings) {
         itoa(heishamonSettings->proxy, str, 10);
         webserver_send_content(client, str, strlen(str));
 #endif      
+#ifdef TLS_SUPPORT
+        webserver_send_content_P(client, PSTR(",\"mqtt_tls_enabled\":"), 20); 
+        itoa(heishamonSettings->mqtt_tls_enabled, str, 10);
+        webserver_send_content(client, str, strlen(str));
+        webserver_send_content_P(client, PSTR(",\"mqtt_ca_cert\":\""), 17);
+        if (LittleFS.exists("/ca.pem")) {
+            webserver_send_content_P(
+              client,
+              PSTR("CA certificate stored in filesystem"),
+              strlen_P(PSTR("CA certificate stored in filesystem"))
+            );
+          } else {
+            webserver_send_content_P(
+              client,
+              PSTR("No CA certificate found"),
+              strlen_P(PSTR("No CA certificate found"))
+            );
+          }
+        webserver_send_content_P(client, PSTR("\""), 1);
+#endif
         webserver_send_content_P(client, PSTR(",\"use_1wire\":"), 13);
         itoa(heishamonSettings->use_1wire, str, 10);
         webserver_send_content(client, str, strlen(str));
@@ -947,6 +1065,9 @@ int handleSettings(struct webserver_t *client) {
     webserver_send_content_P(client, settingsForm2, strlen_P(settingsForm2));
     webserver_send_content_P(client, menuJS, strlen_P(menuJS));
     webserver_send_content_P(client, settingsJS, strlen_P(settingsJS));
+#ifdef TLS_SUPPORT
+    webserver_send_content_P(client, caUploadJS, strlen_P(caUploadJS));
+#endif
     webserver_send_content_P(client, populategetsettingsJS, strlen_P(populategetsettingsJS));
   } else if (client->content == 3) {
     webserver_send_content_P(client, populatescanwifiJS, strlen_P(populatescanwifiJS));
@@ -957,6 +1078,35 @@ int handleSettings(struct webserver_t *client) {
   return 0;
 }
 
+#ifdef TLS_SUPPORT
+int handleCACert(struct webserver_t *client) {
+  static String s_resp; 
+  if (client->content == 0) {
+    String msg;
+    bool ok = processCAtmp_to_CAPEM(msg); 
+    
+    if (ok) {
+      s_resp = "CA upload success: " + msg;
+    } else {
+      s_resp = "CA upload failed: " + msg;
+    }
+
+    webserver_send(client, 200, (char*)"text/plain", s_resp.length());
+    return 0;
+  }
+
+  if (client->content == 1) {
+    if (s_resp.length() > 0) {
+      webserver_send_content(client, (char*)s_resp.c_str(), s_resp.length());
+    }
+    s_resp = "";
+    return 0;
+  }
+
+  return 0;
+}
+#endif
+
 int handleWifiScan(struct webserver_t *client) {
 #if defined(ESP32) 
   //first get result from previous scan
@@ -1387,6 +1537,32 @@ int showFirmware(struct webserver_t *client) {
   return 0;
 }
 
+#ifdef TLS_SUPPORT
+int showCACert(struct webserver_t *client) {
+  if (client->content == 0) {
+    webserver_send(client, 200, (char*)"text/plain", 0);
+    if (!LittleFS.exists("/ca.pem")) {
+      webserver_send_content_P(client, PSTR("No CA certificate uploaded yet\n"), 31);
+      return 0;
+    }
+    File f = LittleFS.open("/ca.pem", "r");
+    if (!f) {
+      webserver_send_content_P(client, PSTR("Failed to open /ca.pem\n"), 24);
+      return 0;
+    }
+    char buf[256];
+    while (f.available()) {
+      size_t n = f.readBytes(buf, sizeof(buf));
+      if (n > 0) {
+        webserver_send_content(client, buf, n);
+      }
+    }
+    f.close();
+  }
+  return 0;
+}
+#endif
+
 int showFirmwareSuccess(struct webserver_t *client) {
   if (client->content == 0) {
     webserver_send(client, 200, (char *)"text/html", strlen_P(firmwareSuccessResponse));

From 6cd9dc2fd4230b8fc631f72e4f97f2a0fbea1961 Mon Sep 17 00:00:00 2001
From: confuzius0815 <136562234+confuzius0815@users.noreply.github.com>
Date: Sat, 29 Nov 2025 09:18:36 +0100
Subject: [PATCH 08/18] Update webfunctions.h - added TLS support

---
 HeishaMon/webfunctions.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/HeishaMon/webfunctions.h b/HeishaMon/webfunctions.h
index 9071a4df..47a3e4a8 100644
--- a/HeishaMon/webfunctions.h
+++ b/HeishaMon/webfunctions.h
@@ -20,6 +20,12 @@
 
 #define HEATPUMP_VALUE_LEN    16
 
+#if defined(ESP32)
+  #ifndef TLS_SUPPORT
+    #define TLS_SUPPORT 1
+  #endif
+#endif
+
 void log_message(char* string);
 
 static IPAddress apIP(192, 168, 4, 1);
@@ -44,6 +50,9 @@ struct settingsStruct {
   char mqtt_password[65];
   char mqtt_topic_base[128] = "panasonic_heat_pump";
   char ntp_servers[254] = "pool.ntp.org";
+#ifdef TLS_SUPPORT
+  bool mqtt_tls_enabled = false;
+#endif
 
   bool force_rules = false; //force rules on boot, even after a crash
   bool listenonly = false; //listen only so heishamon can be installed parallel to cz-taw1, set commands will not work though
@@ -98,3 +107,7 @@ int showRules(struct webserver_t *client);
 int showFirmware(struct webserver_t *client);
 int showFirmwareSuccess(struct webserver_t *client);
 int showFirmwareFail(struct webserver_t *client);
+#ifdef TLS_SUPPORT
+int handleCACert(struct webserver_t *client);
+int showCACert(struct webserver_t *client);
+#endif

From bc261c7c63d01e102ed44c190117e4e223e9ba55 Mon Sep 17 00:00:00 2001
From: confuzius0815 <136562234+confuzius0815@users.noreply.github.com>
Date: Sat, 29 Nov 2025 09:31:40 +0100
Subject: [PATCH 09/18] added TLS support (ESP32 only)

---
 HeishaMon/HeishaMon.ino    | 2 +-
 HeishaMon/htmlcode.h       | 2 +-
 HeishaMon/webfunctions.cpp | 2 +-
 HeishaMon/webfunctions.h   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/HeishaMon/HeishaMon.ino b/HeishaMon/HeishaMon.ino
index a0c88b29..9dc216b0 100644
--- a/HeishaMon/HeishaMon.ino
+++ b/HeishaMon/HeishaMon.ino
@@ -893,7 +893,7 @@ int8_t webserver_cb(struct webserver_t *client, void *dat) {
             }
 #ifdef TLS_SUPPORT
         } else if (strcmp_P((char *)dat, PSTR("/cacert")) == 0) {
-          client->route = 165;
+          client->route = 165; 
           if (LittleFS.begin()) {
             LittleFS.remove("/ca.tmp");
             File cf = LittleFS.open("/ca.tmp", "w");
diff --git a/HeishaMon/htmlcode.h b/HeishaMon/htmlcode.h
index c3964d59..07e9fb30 100644
--- a/HeishaMon/htmlcode.h
+++ b/HeishaMon/htmlcode.h
@@ -345,7 +345,7 @@ static const char settingsJS[] PROGMEM =
   "    }"
   "</script>";
 
-#ifdef TLS_SUPPORT
+#ifdef TLS_SUPPORT 
 static const char caUploadJS[] PROGMEM =
   "<script>"
   "  (function(){"
diff --git a/HeishaMon/webfunctions.cpp b/HeishaMon/webfunctions.cpp
index 3ec333f5..5acfef03 100644
--- a/HeishaMon/webfunctions.cpp
+++ b/HeishaMon/webfunctions.cpp
@@ -217,7 +217,7 @@ void loadSettings(settingsStruct *heishamonSettings) {
           if ( jsonDoc["ntp_servers"] ) strlcpy(heishamonSettings->ntp_servers, jsonDoc["ntp_servers"], sizeof(heishamonSettings->ntp_servers));
           if ( jsonDoc["timezone"]) heishamonSettings->timezone = jsonDoc["timezone"];
 #ifdef TLS_SUPPORT
-          heishamonSettings->mqtt_tls_enabled = ( jsonDoc["mqtt_tls_enabled"] == "enabled" ) ? true : false;
+          heishamonSettings->mqtt_tls_enabled = ( jsonDoc["mqtt_tls_enabled"] == "enabled" ) ? true : false; 
 #endif
           heishamonSettings->force_rules = ( jsonDoc["force_rules"] == "enabled" ) ? true : false;
           heishamonSettings->use_1wire = ( jsonDoc["use_1wire"] == "enabled" ) ? true : false;
diff --git a/HeishaMon/webfunctions.h b/HeishaMon/webfunctions.h
index 47a3e4a8..79f55321 100644
--- a/HeishaMon/webfunctions.h
+++ b/HeishaMon/webfunctions.h
@@ -107,7 +107,7 @@ int showRules(struct webserver_t *client);
 int showFirmware(struct webserver_t *client);
 int showFirmwareSuccess(struct webserver_t *client);
 int showFirmwareFail(struct webserver_t *client);
-#ifdef TLS_SUPPORT
+#ifdef TLS_SUPPORT 
 int handleCACert(struct webserver_t *client);
 int showCACert(struct webserver_t *client);
 #endif

From ee246c5a58db0a6a89197aa25ca0626b67601220 Mon Sep 17 00:00:00 2001
From: Henry Falconer <14111426+henryfalconer@users.noreply.github.com>
Date: Thu, 11 Dec 2025 00:25:54 +0000
Subject: [PATCH 10/18] Added Communication Reliability section to Readme

---
 README.md | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 44fc5f8a..cfb7966f 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-[![Join us on Slack chat room](https://img.shields.io/badge/Slack-Join%20the%20chat%20room-orange)](https://join.slack.com/t/panasonic-wemos/shared_invite/enQtODg2MDY0NjE1OTI3LTgzYjkwMzIwNTAwZTMyYzgwNDQ1Y2QxYjkwODg3NjMyN2MyM2ViMDM3Yjc3OGE3MGRiY2FkYzI4MzZiZDVkNGE) 
+[![Join us on Slack chat room](https://img.shields.io/badge/Slack-Join%20the%20chat%20room-orange)](https://join.slack.com/t/panasonic-wemos/shared_invite/enQtODg2MDY0NjE1OTI3LTgzYjkwMzIwNTAwZTMyYzgwNDQ1Y2QxYjkwODg3NjMyN2MyM2ViMDM3Yjc3OGE3MGRiY2FkYzI4MzZiZDVkNGE)
 [![Build binary](https://github.com/the78mole/HeishaMon/actions/workflows/main.yml/badge.svg)](https://github.com/the78mole/HeishaMon/actions/workflows/main.yml)
 
 
@@ -330,6 +330,29 @@ All the [libs we use](LIBSUSED.md) necessary for compiling.
 ## MQTT topics
 [Current list of documented MQTT topics can be found here](MQTT-Topics.md)
 
+## Communication reliability
+Messages from HeishaMon to the heatpump will occasionally be dropped, especially if multiple settings are changed within a short time. It's not feasible for HeishaMon to retry all dropped messages, so users should implement their own retry logic.
+
+The suggested retry logic is as follows:
+1. After changing a heatpump setting via HeishaMon, you should wait for HeishaMon to report that the setting has been changed.
+2. If the setting isn't updated after 10 seconds, set it again.
+
+This can be implemented on the HeishaMon itself using Rules if you wish, as in this example:
+```
+on StopExternalControl then
+  if @External_Control != 0 then
+    @SetExternalControl = 0;
+    settimer(9,10);
+  end
+end
+
+on timer=9 then
+  if @External_Control != 0 then
+    @SetExternalControl = 0;
+  end
+end
+```
+
 ## EEPROM warning
 As until today we don't know how the commands sent to the heatpump are processed in the heatpump itself. Most probably a lot of commands are written to EEPROM to be stored and available after a power failure, like setting the DHW temp. An EEPROM can facility a lot of writes but there is a limit. And we don't know the limit either. So make sure you don't overload the heatpump with too many commands. Every second is way too much. Just a few per hour, per settings, should probably be fine. Anyway, an heatpump is a slow heating(cooling) device so making changes that often is probably not even going to make any sense either.
 
@@ -342,9 +365,9 @@ The newer, large, heishamon contains two onboard relays which can be switched on
 ## Opentherm support
 If your heishamon board supports opentherm the software can also be used to bridge opentherm information from a compatible thermostat to your home automation over MQTT or JSON and as mentioned above it can also be connected directly in the rules to connect opentherm information to the heatpump and back, for example to display the outside temperature from the heatpump on your opentherm thermostat. If you enable opentherm support in settings there will be a new tab visible in the web page. On that tab you will see opentherm values. Some are of type R(ead) and some are W(rite), and some are both. Read means that the thermostat can read that information from the heishamon. You provide that information over MQTT (or using the rules) by updating this value on the mqtt 'opentherm/read' topic, for example 'panasonic_heat_pump/opentherm/read/outsideTemp'. The write values are information from the thermostat, like 'roomTemp'. These are available on mqtt topic 'opentherm/write'. You can use these values to change the heatpump behaviour in anyway you want using your home automation and mqtt set-commands to heishamon on using the internal rules.
 
-The available opentherm variables are: 
+The available opentherm variables are:
 ### WRITE values
-- chEnable which is a boolean showing if central heating shoud be enabled. This is often used when the thermostat wants to heat up your house. 
+- chEnable which is a boolean showing if central heating shoud be enabled. This is often used when the thermostat wants to heat up your house.
 - dhwEnable which is a boolean showing if the dhw heating should be enabled. Often used as a user option on the thermostat to disable DHW heating during vacation
 - coolingEnable which is a boolean showing if  cooling should be enabled. Amount of cooling is request in 'coolingControl', see below.
 - roomTemp is the floating point value of the measured room temp by thermostat
@@ -383,5 +406,3 @@ The available opentherm variables are:
 [IOBroker Manual](Integrations/ioBroker_manual)
 
 [Domoticz](Integrations/Domoticz)
-
-

From 61d00fc8eef2eb88cb803b3d90977f103f1372cc Mon Sep 17 00:00:00 2001
From: ghecker1 <79323013+ghecker1@users.noreply.github.com>
Date: Mon, 22 Dec 2025 23:04:49 +0100
Subject: [PATCH 11/18] Add SET39 - Set Heating Control

---
 HeishaMon/commands.cpp | 23 +++++++++++++++++++++++
 HeishaMon/commands.h   |  2 ++
 MQTT-Topics.md         |  1 +
 3 files changed, 26 insertions(+)

diff --git a/HeishaMon/commands.cpp b/HeishaMon/commands.cpp
index f3d8d29c..308bc746 100644
--- a/HeishaMon/commands.cpp
+++ b/HeishaMon/commands.cpp
@@ -870,6 +870,29 @@ unsigned int set_external_error(char *msg, unsigned char *cmd, char *log_msg){
   return sizeof(panasonicSendQuery);
 }
 
+unsigned int set_heatingcontrol(char *msg, unsigned char *cmd, char *log_msg) {
+
+  const byte address=30;
+  byte value = 0b01;
+
+  if ( String(msg).toInt() == 1 ) {
+    value = 0b10;
+  }
+
+  {
+    char tmp[256] = { 0 };
+    snprintf_P(tmp, 255, PSTR("set heating control %d"), value - 1);
+    memcpy(log_msg, tmp, sizeof(tmp));
+  }
+
+  {
+    memcpy_P(cmd, panasonicSendQuery, sizeof(panasonicSendQuery));
+    cmd[address] = value << 2;
+  }
+
+  return sizeof(panasonicSendQuery);
+}
+
 unsigned int set_external_compressor_control(char *msg, unsigned char *cmd, char *log_msg){
   const byte off_state=64;
   const byte address=23;
diff --git a/HeishaMon/commands.h b/HeishaMon/commands.h
index ba748c89..3f465dd6 100644
--- a/HeishaMon/commands.h
+++ b/HeishaMon/commands.h
@@ -66,6 +66,7 @@ unsigned int set_bivalent_ap_start_temp(char *msg, unsigned char *cmd, char *log
 unsigned int set_bivalent_ap_stop_temp(char *msg, unsigned char *cmd, char *log_msg);
 unsigned int set_external_control(char *msg, unsigned char *cmd, char *log_msg);
 unsigned int set_external_error(char *msg, unsigned char *cmd, char *log_msg);
+unsigned int set_heatingcontrol(char *msg, unsigned char *cmd, char *log_msg);
 
 //optional pcb commands
 unsigned int set_heat_cool_mode(char *msg, char *log_msg);
@@ -153,6 +154,7 @@ const cmdStruct commands[] PROGMEM = {
   { "SetBivalentAPStartTemp", set_bivalent_ap_start_temp },
   // bivalent AP stop temp -  set from -15C to 35C
   { "SetBivalentAPStopTemp", set_bivalent_ap_stop_temp },
+  { "SetHeatingControl", set_heatingcontrol },
 };
 
 struct optCmdStruct{
diff --git a/MQTT-Topics.md b/MQTT-Topics.md
index ce020ba0..d39f5f84 100644
--- a/MQTT-Topics.md
+++ b/MQTT-Topics.md
@@ -222,6 +222,7 @@ SET35 | SetBivalentMode | Set bivalent mode | 0=alternative, 1=parallel, 2=advan
 SET36 | SetBivalentStartTemp | Set bivalent start temp | -15 to 35
 SET37 | SetBivalentAPStartTemp | Set bivalent adv. par. start temp | -15 to 35
 SET38 | SetBivalentAPStopTemp | Set bivalent adv. par. stop temp | -15 to 35
+SET39 | SetHeatingControl | Set heating control | 0=comfort, 1=efficiency
 
 
 *If you operate your heatpump in water mode with direct temperature setup: topics ending xxxRequestTemperature will set the absolute target temperature.*

From bc0e74d9c1dbf0960090e5a0d8577b88514ecc59 Mon Sep 17 00:00:00 2001
From: ghecker1 <79323013+ghecker1@users.noreply.github.com>
Date: Mon, 22 Dec 2025 23:04:51 +0100
Subject: [PATCH 12/18] Add TOP139 Heating Control

---
 HeishaMon/decode.h     | 7 ++++++-
 MQTT-Topics.md         | 1 +
 ProtocolByteDecrypt.md | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/HeishaMon/decode.h b/HeishaMon/decode.h
index 3a02ee5f..a9128aa4 100644
--- a/HeishaMon/decode.h
+++ b/HeishaMon/decode.h
@@ -42,7 +42,7 @@ static const char _unknown[] PROGMEM = "unknown";
 
 
 
-#define NUMBER_OF_TOPICS 139 //last topic number + 1
+#define NUMBER_OF_TOPICS 140 //last topic number + 1
 #define NUMBER_OF_TOPICS_EXTRA 6 //last topic number + 1
 #define NUMBER_OF_OPT_TOPICS 7 //last topic number + 1
 #define MAX_TOPIC_LEN 42 // max length + 1
@@ -215,6 +215,7 @@ static const char topics[][MAX_TOPIC_LEN] PROGMEM = {
   "Bivalent_Advanced_Start_Delay",//TOP136
   "Bivalent_Advanced_Stop_Delay",//TOP137
   "Bivalent_Advanced_DHW_Delay",//TOP138
+  "Heating_Control",         //TOP139
 };
 
 static const byte topicBytes[] PROGMEM = { //can store the index as byte (8-bit unsigned humber) as there aren't more then 255 bytes (actually only 203 bytes) to decode
@@ -357,6 +358,7 @@ static const byte topicBytes[] PROGMEM = { //can store the index as byte (8-bit
   67,    //TOP136
   69,    //TOP137
   70,    //TOP138
+  30,    //TOP139
 };
 
 
@@ -511,6 +513,7 @@ static const topicFP topicFunctions[] PROGMEM = {
   getIntMinus1,      //TOP136
   getIntMinus1,      //TOP137
   getIntMinus1,      //TOP138
+  getBit5and6,       //TOP139
 };
 
 static const char *DisabledEnabled[] PROGMEM = {"2", "Disabled", "Enabled"};
@@ -548,6 +551,7 @@ static const char *ExtPadHeaterType[] PROGMEM = {"3", "Disabled", "Type-A","Type
 static const char *Bivalent[] PROGMEM = {"3", "Alternative", "Parallel", "Advanced Parallel"};
 static const char *Percent[] PROGMEM = {"0", "%"};
 static const char *Model[] PROGMEM = {"0", "Model"};
+static const char *HeatingControl[] PROGMEM = {"2", "Comfort", "Efficiency"};
 
 static const char **opttopicDescription[] PROGMEM = {
   OffOn,          //OPT0
@@ -708,4 +712,5 @@ static const char **topicDescription[] PROGMEM = {
   Minutes,         //TOP136
   Minutes,         //TOP137
   Minutes,         //TOP138
+  HeatingControl,  //TOP139
 };
diff --git a/MQTT-Topics.md b/MQTT-Topics.md
index d39f5f84..e75b7665 100644
--- a/MQTT-Topics.md
+++ b/MQTT-Topics.md
@@ -155,6 +155,7 @@ TOP135 | main/Bivalent_Advanced_Stop_Temp	 | Bivalent adv. par. heat stop temp
 TOP136 | main/Bivalent_Advanced_Start_Delay	 | Bivalent adv. par. heat start delay
 TOP137 | main/Bivalent_Advanced_Stop_Delay	 | Bivalent adv. par. heat stop delay
 TOP138 | main/Bivalent_Advanced_DHW_Delay	 | Bivalent adv. par. DHW delay
+TOP139 | main/Heating_Control | Heating Control
 
 
 
diff --git a/ProtocolByteDecrypt.md b/ProtocolByteDecrypt.md
index 03a57ae3..8dc0ed67 100644
--- a/ProtocolByteDecrypt.md
+++ b/ProtocolByteDecrypt.md
@@ -32,7 +32,7 @@
 |  TOP | 27 | 05 | SG Ready Control on/off (bit5and6) ,Demand Control on/off (bit7and8)  | SG Ready Control, Demand Control |
 |  TOP76+TOP81 | 28 | 09 | (hex) 09 - Compensation curve heat and direct cool, 05 - both compensation curves , 0a - direct heat and direct cool, 06 - heat direct, cool compensation curve  | Operation Setup -Installer -water temperature heating on status and cooling |
 |  TOP106 | 29 | 00 | 3rd & 4th bit = b01 - deltaT , b10 - Max. Duty | Pump flowrate (J/K/L series) |
-|  TOP | 30 | 00 |  5th & 6th bit = b01 - Comfort , b10 - Efficiency <br/> 7th & 8th bit = b01 - DHW Defrost NO , b10 - DHW Defrost YES | Heating Control (K/L series) <br/> DHW Defrost (K/L series) |
+|  TOP139 | 30 | 00 |  5th & 6th bit = Heating Control (b01=Comfort, b10=Efficiency) <br/> 7th & 8th bit = DHW Defrost (b01=No, b10=Yes) | Heating Control (K/L series) <br/> DHW Defrost (K/L series) |
 |  TOP | 31 | 00 |   | 0 byte |
 |  TOP | 32 | 00 |   | 0 byte |
 |  TOP | 33 | 00 |   | 0 byte |

From 27cb2e2ecc8be98754cdec0303f2b74c35829276 Mon Sep 17 00:00:00 2001
From: ghecker1 <79323013+ghecker1@users.noreply.github.com>
Date: Mon, 22 Dec 2025 23:04:52 +0100
Subject: [PATCH 13/18] Add SET40 - SetSmartDHW

---
 HeishaMon/commands.cpp | 23 +++++++++++++++++++++++
 HeishaMon/commands.h   |  2 ++
 MQTT-Topics.md         |  1 +
 3 files changed, 26 insertions(+)

diff --git a/HeishaMon/commands.cpp b/HeishaMon/commands.cpp
index 308bc746..5eb5bc60 100644
--- a/HeishaMon/commands.cpp
+++ b/HeishaMon/commands.cpp
@@ -893,6 +893,29 @@ unsigned int set_heatingcontrol(char *msg, unsigned char *cmd, char *log_msg) {
   return sizeof(panasonicSendQuery);
 }
 
+unsigned int set_smart_dhw(char *msg, unsigned char *cmd, char *log_msg) {
+
+  const byte address=24;
+  byte value = 0b01;
+
+  if ( String(msg).toInt() == 1 ) {
+    value = 0b10;
+  }
+
+  {
+    char tmp[256] = { 0 };
+    snprintf_P(tmp, 255, PSTR("set smart dhw %d"), value - 1);
+    memcpy(log_msg, tmp, sizeof(tmp));
+  }
+
+  {
+    memcpy_P(cmd, panasonicSendQuery, sizeof(panasonicSendQuery));
+    cmd[address] = value << 6;
+  }
+
+  return sizeof(panasonicSendQuery);
+}
+
 unsigned int set_external_compressor_control(char *msg, unsigned char *cmd, char *log_msg){
   const byte off_state=64;
   const byte address=23;
diff --git a/HeishaMon/commands.h b/HeishaMon/commands.h
index 3f465dd6..3391a68b 100644
--- a/HeishaMon/commands.h
+++ b/HeishaMon/commands.h
@@ -67,6 +67,7 @@ unsigned int set_bivalent_ap_stop_temp(char *msg, unsigned char *cmd, char *log_
 unsigned int set_external_control(char *msg, unsigned char *cmd, char *log_msg);
 unsigned int set_external_error(char *msg, unsigned char *cmd, char *log_msg);
 unsigned int set_heatingcontrol(char *msg, unsigned char *cmd, char *log_msg);
+unsigned int set_smart_dhw(char *msg, unsigned char *cmd, char *log_msg);
 
 //optional pcb commands
 unsigned int set_heat_cool_mode(char *msg, char *log_msg);
@@ -155,6 +156,7 @@ const cmdStruct commands[] PROGMEM = {
   // bivalent AP stop temp -  set from -15C to 35C
   { "SetBivalentAPStopTemp", set_bivalent_ap_stop_temp },
   { "SetHeatingControl", set_heatingcontrol },
+  { "SetSmartDHW", set_smart_dhw },
 };
 
 struct optCmdStruct{
diff --git a/MQTT-Topics.md b/MQTT-Topics.md
index e75b7665..bca4b434 100644
--- a/MQTT-Topics.md
+++ b/MQTT-Topics.md
@@ -224,6 +224,7 @@ SET36 | SetBivalentStartTemp | Set bivalent start temp | -15 to 35
 SET37 | SetBivalentAPStartTemp | Set bivalent adv. par. start temp | -15 to 35
 SET38 | SetBivalentAPStopTemp | Set bivalent adv. par. stop temp | -15 to 35
 SET39 | SetHeatingControl | Set heating control | 0=comfort, 1=efficiency
+SET40 | SetSmartDHW | Set SmartDHW | 0=variable, 1=standard
 
 
 *If you operate your heatpump in water mode with direct temperature setup: topics ending xxxRequestTemperature will set the absolute target temperature.*

From 9c784ebe01098daa9c582e776d3851fc5f5ef23d Mon Sep 17 00:00:00 2001
From: ghecker1 <79323013+ghecker1@users.noreply.github.com>
Date: Mon, 22 Dec 2025 23:04:54 +0100
Subject: [PATCH 14/18] Add TOP140 - Smart DHW

---
 HeishaMon/decode.h     | 7 ++++++-
 MQTT-Topics.md         | 1 +
 ProtocolByteDecrypt.md | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/HeishaMon/decode.h b/HeishaMon/decode.h
index a9128aa4..e915df0d 100644
--- a/HeishaMon/decode.h
+++ b/HeishaMon/decode.h
@@ -42,7 +42,7 @@ static const char _unknown[] PROGMEM = "unknown";
 
 
 
-#define NUMBER_OF_TOPICS 140 //last topic number + 1
+#define NUMBER_OF_TOPICS 141 //last topic number + 1
 #define NUMBER_OF_TOPICS_EXTRA 6 //last topic number + 1
 #define NUMBER_OF_OPT_TOPICS 7 //last topic number + 1
 #define MAX_TOPIC_LEN 42 // max length + 1
@@ -216,6 +216,7 @@ static const char topics[][MAX_TOPIC_LEN] PROGMEM = {
   "Bivalent_Advanced_Stop_Delay",//TOP137
   "Bivalent_Advanced_DHW_Delay",//TOP138
   "Heating_Control",         //TOP139
+  "Smart_DHW",               //TOP140
 };
 
 static const byte topicBytes[] PROGMEM = { //can store the index as byte (8-bit unsigned humber) as there aren't more then 255 bytes (actually only 203 bytes) to decode
@@ -359,6 +360,7 @@ static const byte topicBytes[] PROGMEM = { //can store the index as byte (8-bit
   69,    //TOP137
   70,    //TOP138
   30,    //TOP139
+  24,    //TOP140
 };
 
 
@@ -514,6 +516,7 @@ static const topicFP topicFunctions[] PROGMEM = {
   getIntMinus1,      //TOP137
   getIntMinus1,      //TOP138
   getBit5and6,       //TOP139
+  getBit1and2,       //TOP140
 };
 
 static const char *DisabledEnabled[] PROGMEM = {"2", "Disabled", "Enabled"};
@@ -552,6 +555,7 @@ static const char *Bivalent[] PROGMEM = {"3", "Alternative", "Parallel", "Advanc
 static const char *Percent[] PROGMEM = {"0", "%"};
 static const char *Model[] PROGMEM = {"0", "Model"};
 static const char *HeatingControl[] PROGMEM = {"2", "Comfort", "Efficiency"};
+static const char *SmartDHW[] PROGMEM = {"2", "Variable", "Standard"};
 
 static const char **opttopicDescription[] PROGMEM = {
   OffOn,          //OPT0
@@ -713,4 +717,5 @@ static const char **topicDescription[] PROGMEM = {
   Minutes,         //TOP137
   Minutes,         //TOP138
   HeatingControl,  //TOP139
+  SmartDHW,        //TOP140
 };
diff --git a/MQTT-Topics.md b/MQTT-Topics.md
index bca4b434..2d082253 100644
--- a/MQTT-Topics.md
+++ b/MQTT-Topics.md
@@ -156,6 +156,7 @@ TOP136 | main/Bivalent_Advanced_Start_Delay	 | Bivalent adv. par. heat start del
 TOP137 | main/Bivalent_Advanced_Stop_Delay	 | Bivalent adv. par. heat stop delay
 TOP138 | main/Bivalent_Advanced_DHW_Delay	 | Bivalent adv. par. DHW delay
 TOP139 | main/Heating_Control | Heating Control
+TOP140 | main/Smart_DHW | Smart DHW
 
 
 
diff --git a/ProtocolByteDecrypt.md b/ProtocolByteDecrypt.md
index 8dc0ed67..174e8c60 100644
--- a/ProtocolByteDecrypt.md
+++ b/ProtocolByteDecrypt.md
@@ -26,7 +26,7 @@
 |  TOP | 21 | 15 |  (hex) 15 - One  Zone and Z1 as room , 19 - One Zone and Z1 as pool, 16 - Two Zones and Z2 as room, 26 - Two Zones ,Z2 as pool| No. of Zones and Zone Destination |
 |  TOP111+TOP112 | 22 | 11 |First digit -Z2 ,Second digit Z1 (hex) 1 - water temperature,2 - External Thermostat, 3 - Internal Thermostat, , 4 - Thermistor  | Zone & sensor settings ( system setup - Installer ) | 
 | TOP119/120/121/122 | 23 | 55 | 1st/2nd bit = external compressor control, 3rd/4th bit = external error signal, 5th/6h bit = heat/cool-switch, 7th/8th bit = external control switch | External control, heat/cool switch, error signal and External compressor control switch (menu settings)|
-|  TOP99+TOP100+TOP101 | 24 | 16 | 1st & 2nd bit Smart DHW -All-In-One only, 3rd & 4th bit = solar buffer (0b01=no solar, 0b10=solar buffer, 0b11=solar dhw), 5th & 6th bit = buffer installed, 7th & 8th bit = DHW installed|
+|  TOP140+TOP99+TOP100+TOP101 | 24 | 16 | 1st & 2nd bit Smart DHW (L series) (b01=Variable, b10=Standard) <br/> 3rd & 4th bit = solar buffer (0b01=no solar, 0b10=solar buffer, 0b11=solar dhw) <br/> 5th & 6th bit = buffer installed <br/> 7th & 8th bit = DHW installed |
 |  TOP114 | 25 | 5e | 1st & 2nd bit = 10 <br/> 3rd & 4th bit = b01 no Pad Heater, b10 - Type A, b11 Type B <br/> 5th & 6th bit = b01 - Internal Heater 3kW, b10 - 6kW, b11 - 9kW <br/> 7th & 8th bit = b01 DHW Internal Heater , b10 - DHW External Heater | External Pad Heater <br/> Power of internal heater <br/> DHW heater Internal/External |
 |  TOP129/130/13/132 | 26 | 55 | (hex) Bivalent control, mode and ap settings. | Bivalent settings |
 |  TOP | 27 | 05 | SG Ready Control on/off (bit5and6) ,Demand Control on/off (bit7and8)  | SG Ready Control, Demand Control |

From c6dce7f47ab3d2c222958698903d3fbc787dc0f8 Mon Sep 17 00:00:00 2001
From: ghecker1 <79323013+ghecker1@users.noreply.github.com>
Date: Mon, 22 Dec 2025 23:04:55 +0100
Subject: [PATCH 15/18] Add TOP141 - Quiet_Mode_Priority

---
 HeishaMon/decode.h     | 7 ++++++-
 MQTT-Topics.md         | 1 +
 ProtocolByteDecrypt.md | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/HeishaMon/decode.h b/HeishaMon/decode.h
index e915df0d..d2872f7b 100644
--- a/HeishaMon/decode.h
+++ b/HeishaMon/decode.h
@@ -42,7 +42,7 @@ static const char _unknown[] PROGMEM = "unknown";
 
 
 
-#define NUMBER_OF_TOPICS 141 //last topic number + 1
+#define NUMBER_OF_TOPICS 142 //last topic number + 1
 #define NUMBER_OF_TOPICS_EXTRA 6 //last topic number + 1
 #define NUMBER_OF_OPT_TOPICS 7 //last topic number + 1
 #define MAX_TOPIC_LEN 42 // max length + 1
@@ -217,6 +217,7 @@ static const char topics[][MAX_TOPIC_LEN] PROGMEM = {
   "Bivalent_Advanced_DHW_Delay",//TOP138
   "Heating_Control",         //TOP139
   "Smart_DHW",               //TOP140
+  "Quiet_Mode_Priority",     //TOP141
 };
 
 static const byte topicBytes[] PROGMEM = { //can store the index as byte (8-bit unsigned humber) as there aren't more then 255 bytes (actually only 203 bytes) to decode
@@ -361,6 +362,7 @@ static const byte topicBytes[] PROGMEM = { //can store the index as byte (8-bit
   70,    //TOP138
   30,    //TOP139
   24,    //TOP140
+  11,    //TOP141
 };
 
 
@@ -517,6 +519,7 @@ static const topicFP topicFunctions[] PROGMEM = {
   getIntMinus1,      //TOP138
   getBit5and6,       //TOP139
   getBit1and2,       //TOP140
+  getBit3and4,       //TOP141
 };
 
 static const char *DisabledEnabled[] PROGMEM = {"2", "Disabled", "Enabled"};
@@ -556,6 +559,7 @@ static const char *Percent[] PROGMEM = {"0", "%"};
 static const char *Model[] PROGMEM = {"0", "Model"};
 static const char *HeatingControl[] PROGMEM = {"2", "Comfort", "Efficiency"};
 static const char *SmartDHW[] PROGMEM = {"2", "Variable", "Standard"};
+static const char *QuietModePriority[] PROGMEM = {"2", "Sound", "Capacity"};
 
 static const char **opttopicDescription[] PROGMEM = {
   OffOn,          //OPT0
@@ -718,4 +722,5 @@ static const char **topicDescription[] PROGMEM = {
   Minutes,         //TOP138
   HeatingControl,  //TOP139
   SmartDHW,        //TOP140
+  QuietModePriority, //TOP141
 };
diff --git a/MQTT-Topics.md b/MQTT-Topics.md
index 2d082253..aec126ef 100644
--- a/MQTT-Topics.md
+++ b/MQTT-Topics.md
@@ -157,6 +157,7 @@ TOP137 | main/Bivalent_Advanced_Stop_Delay	 | Bivalent adv. par. heat stop delay
 TOP138 | main/Bivalent_Advanced_DHW_Delay	 | Bivalent adv. par. DHW delay
 TOP139 | main/Heating_Control | Heating Control
 TOP140 | main/Smart_DHW | Smart DHW
+TOP141 | main/Quiet_Mode_Priority | Quiet Mode Priority (0=sound, 1=capacity)
 
 
 
diff --git a/ProtocolByteDecrypt.md b/ProtocolByteDecrypt.md
index 174e8c60..a3d7e7cb 100644
--- a/ProtocolByteDecrypt.md
+++ b/ProtocolByteDecrypt.md
@@ -13,7 +13,7 @@
 |  TOP | 08 | 00 |   | 0 byte |
 |  TOP58+TOP59 | 09 | 05 | 3rd & 4th bit = b01 Standard, b10 - DHW Standard/Variable (J-series only)<br/>5th & 6th bit = b01 DHW heater off, b10 - DHW heater on<br/>7rd & 8th bit = b01 Water heater off, b10 - Water heater on | DHW capacity (J-series only)<br/>Heaters enable allowed status|
 |  TOP | 10 | 00 |   | 0 byte |
-|  TOP | 11 | 00 | 3rd & 4th bit = b01 - Sound , b10 - Capacity <br/> 7th & 8th bit = b01 - DHW Top sensor , b10 - DHW Center Sensor | Quiet Mode Priority (K/L series) <br/> Only All-In-One |
+|  TOP141 | 11 | 00 | 3rd & 4th bit = b01 - Sound , b10 - Capacity <br/> 7th & 8th bit = b01 - DHW Top sensor , b10 - DHW Center Sensor | Quiet Mode Priority (K/L series) <br/> Only All-In-One |
 |  TOP | 12 | 00 |   | 0 byte |
 |  TOP | 13 | 00 |   | 0 byte |
 |  TOP | 14 | 00 |   | 0 byte |

From 062d8e5b9b5038a8150cbfbce363e52da216cf52 Mon Sep 17 00:00:00 2001
From: ghecker1 <79323013+ghecker1@users.noreply.github.com>
Date: Mon, 22 Dec 2025 23:05:02 +0100
Subject: [PATCH 16/18] Add SET41 - SetQuietModePriority

---
 HeishaMon/commands.cpp | 23 +++++++++++++++++++++++
 HeishaMon/commands.h   |  2 ++
 MQTT-Topics.md         |  1 +
 3 files changed, 26 insertions(+)

diff --git a/HeishaMon/commands.cpp b/HeishaMon/commands.cpp
index 5eb5bc60..67e3c2f5 100644
--- a/HeishaMon/commands.cpp
+++ b/HeishaMon/commands.cpp
@@ -916,6 +916,29 @@ unsigned int set_smart_dhw(char *msg, unsigned char *cmd, char *log_msg) {
   return sizeof(panasonicSendQuery);
 }
 
+unsigned int set_quiet_mode_priority(char *msg, unsigned char *cmd, char *log_msg) {
+
+  const byte address=11;
+  byte value = 0b01;
+
+  if ( String(msg).toInt() == 1 ) {
+    value = 0b10;
+  }
+
+  {
+    char tmp[256] = { 0 };
+    snprintf_P(tmp, 255, PSTR("set quiet mode priority %d"), value - 1);
+    memcpy(log_msg, tmp, sizeof(tmp));
+  }
+
+  {
+    memcpy_P(cmd, panasonicSendQuery, sizeof(panasonicSendQuery));
+    cmd[address] = value << 4;
+  }
+
+  return sizeof(panasonicSendQuery);
+}
+
 unsigned int set_external_compressor_control(char *msg, unsigned char *cmd, char *log_msg){
   const byte off_state=64;
   const byte address=23;
diff --git a/HeishaMon/commands.h b/HeishaMon/commands.h
index 3391a68b..0351cb93 100644
--- a/HeishaMon/commands.h
+++ b/HeishaMon/commands.h
@@ -68,6 +68,7 @@ unsigned int set_external_control(char *msg, unsigned char *cmd, char *log_msg);
 unsigned int set_external_error(char *msg, unsigned char *cmd, char *log_msg);
 unsigned int set_heatingcontrol(char *msg, unsigned char *cmd, char *log_msg);
 unsigned int set_smart_dhw(char *msg, unsigned char *cmd, char *log_msg);
+unsigned int set_quiet_mode_priority(char *msg, unsigned char *cmd, char *log_msg);
 
 //optional pcb commands
 unsigned int set_heat_cool_mode(char *msg, char *log_msg);
@@ -157,6 +158,7 @@ const cmdStruct commands[] PROGMEM = {
   { "SetBivalentAPStopTemp", set_bivalent_ap_stop_temp },
   { "SetHeatingControl", set_heatingcontrol },
   { "SetSmartDHW", set_smart_dhw },
+  { "SetQuietModePriority", set_quiet_mode_priority },
 };
 
 struct optCmdStruct{
diff --git a/MQTT-Topics.md b/MQTT-Topics.md
index aec126ef..bfecc596 100644
--- a/MQTT-Topics.md
+++ b/MQTT-Topics.md
@@ -227,6 +227,7 @@ SET37 | SetBivalentAPStartTemp | Set bivalent adv. par. start temp | -15 to 35
 SET38 | SetBivalentAPStopTemp | Set bivalent adv. par. stop temp | -15 to 35
 SET39 | SetHeatingControl | Set heating control | 0=comfort, 1=efficiency
 SET40 | SetSmartDHW | Set SmartDHW | 0=variable, 1=standard
+SET41 | SetQuietModePriority | Set Quiet Mode Priority | 0=sound, 1=capacity
 
 
 *If you operate your heatpump in water mode with direct temperature setup: topics ending xxxRequestTemperature will set the absolute target temperature.*

From 5d93469b62be1df275292d8b09eda8c658c13044 Mon Sep 17 00:00:00 2001
From: confuzius0815 <136562234+confuzius0815@users.noreply.github.com>
Date: Sat, 27 Dec 2025 11:12:56 +0100
Subject: [PATCH 17/18] Added TLS documentation

---
 README.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/README.md b/README.md
index 44fc5f8a..4298576f 100644
--- a/README.md
+++ b/README.md
@@ -374,6 +374,19 @@ The available opentherm variables are:
 ## Protocol byte decrypt info:
 [Current list of documented bytes decrypted can be found here](ProtocolByteDecrypt.md)
 
+## MQTT TLS support:
+TLS support or MQTT is currently implemented only for the ESP32 version. TLS is disabled by default and can be enabled in the settings. When enabling, make sure that your MQTT broker accepts secure connection from heishamon, including setting up a PEM CA certificate (e.g. self-signed). Such a certificate will roughly look as follows (the x's being seemingly random characters... the BEGIN and END lines belong to the certificate):
+-----BEGIN CERTIFICATE-----
+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+===========THIS=====IS====JUST===A====PLACEHOLDER===============================
+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+-----END CERTIFICATE-----
+Upolad a text file (plain text with suffix pem, e.g. "CA.pem") of the certificate to heishamon in the setting screen. If the syntaxt is correct it will be stored, otherwise discarded. After having uploaded the certificate, activate TLS support and (in usual setups) switch the MQTT port to 8883. !!There will be no support for TLS problems!! Google can help you with problems. In case of problems, first try without TLS support and only after that works try to switch TLS support on.
+Currently, there is no possibility to delete a once-uploaded CA certificate. So if you want to remove your certificate, simply upload the dummy/sample above.
 
 ## Integration Examples for Opensource automation systems
 [Openhab2](Integrations/Openhab2)

From 64e8b464763d56337e9a9555157a6332f3267646 Mon Sep 17 00:00:00 2001
From: Xploder <Xploder270@gmail.com>
Date: Wed, 14 Jan 2026 10:08:08 +0100
Subject: [PATCH 18/18] Update HeatPumpType.md - added KIT-ADC05K3E5

I've added my unknown heat pump model KIT-ADC05K3E5 which is a WH-ADC0309K3E5AN IN device with the WH-UDZ05KE5 OUT device.

E2 D5 0D 36 99 02 D6 10 66 95
---
 HeatPumpType.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/HeatPumpType.md b/HeatPumpType.md
index 1732282f..741f4181 100644
--- a/HeatPumpType.md
+++ b/HeatPumpType.md
@@ -61,7 +61,7 @@ Assuming that bytes from #129 to #138 are unique for each model of Aquarea heat
 |54 | E2 CF 0C 74 09 12 D0 0E 94 05 | WH-ADC0916H9E8 | WH-UX09HE8 | KIT-AXC9HE8 | 9 | 3ph | T-CAP - All-In-One |
 |55 | 12 D7 0D 98 11 33 94 0C 83 10 | WH-ADC0316M9E8AN2 | WH-WXG09ME8 | Monoblock | 9 | 2ph | T-CAP - M-series DHW 185l |
 |56 | E2 D5 0B 08 95 02 D6 0F 67 95 | WH-SDC0309K3E5 | WH-UDZ07KE5 | KIT-SDC07KE5 | 7 | 1ph | HP - split K-series (sold in Poland) |
-
+|57 | E2 D5 0D 36 99 02 D6 10 66 95 | WH-ADC0309K3E5AN | WH-UDZ05KE5 | KIT-ADC05K3E5AN | 5 | 1ph | HP - All-In-One K-series - AN |
 
 All bytes are used for Heat Pump model identification in the code.