esp-idf/components/esp_https_ota/Kconfig

menu "ESP HTTPS OTA"

    config ESP_HTTPS_OTA_DECRYPT_CB
        bool "Provide decryption callback"
        default n
        help
            Exposes an additional callback whereby firmware data could be decrypted
            before being processed by OTA update component. This can help to integrate
            external encryption related format and removal of such encapsulation layer
            from firmware image.

    config ESP_HTTPS_OTA_ALLOW_HTTP
        bool "Allow HTTP for OTA (WARNING: ONLY FOR TESTING PURPOSE, READ HELP)"
        default n
        help
            It is highly recommended to keep HTTPS (along with server certificate validation) enabled.
            Enabling this option comes with potential risk of:
            - Non-encrypted communication channel with server
            - Accepting firmware upgrade image from server with fake identity

endmenu