[lwip-users] altcp_tls

lwip-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-users] altcp_tls_mbedtls

From:	Giuseppe Modugno
Subject:	[lwip-users] altcp_tls_mbedtls
Date:	Fri, 22 Feb 2019 09:34:35 +0100
User-agent:	Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1

I'm trying to integrate lwip and mbedTLS on a project running on LPC1769MCU from NXP. This MCU features 64kB SRAM in two separate banks of 32kB.

As you can understand, I'm fighting putting all together with so smallSRAM. I'm not sure mbedTLS+lwip could really work in 64kB. I'minterested in creating only one TLS connection with a MQTT server(Amazon IoT or similar service). I'd like to know some experience abouta similar application in similar hw platform.

The first thing I made to reduce RAM requirements was decreasingMBEDTLS_SSL_OUT_CONTENT_LEN from 16384 to 2048 (I understood outputbuffer is under my control, so I can reduce it without letting informedthe server about this, differently from IN_CONTENT_LEN that must be atleast 16384).


My mbedTLS config.h:

#define MBEDTLS_SSL_IN_CONTENT_LEN              16384
#define MBEDTLS_SSL_OUT_CONTENT_LEN             2048
//#define MBEDTLS_SSL_MAX_CONTENT_LEN

In mbedtls/ssl.h appears:

#if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)

#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Size of theinput / output buffer */

#endif

So MBEDTLS_SSL_MAX_CONTENT_LEN is defined as 16384. Anyway it seems thissymbol is never used in mbedTLS code (it is useful only to define IN andOUT content len when they aren't defined).


In altcp_tls_create_config() appears:

  if (TCP_WND < MBEDTLS_SSL_MAX_CONTENT_LEN) {
    LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG|LWIP_DBG_LEVEL_SERIOUS,

("altcp_tls: TCP_WND is smaller than the RX decryption buffer,connection RX might stall!\n"));

Is this warning correct? I think TCP_WND should be compared withMBEDTLS_SSL_IN_CONTENT_LEN or MBEDTLS_SSL_OUT_CONTENT_LEN or the maximumof them (of course, I hope to compare it with OUT buffer only, becauseit is smaller).

Another question, more TLS related. I know some servers don't implementMFL (Maximum Fragment Length) extension in order to reduce input buffersize too. Do you know of some way to understand if the server reallyimplement this extension? I'm interested in IoT services from Amazon,Google, Microsoft or similar. It seems they don't explicit this feature,so I have to check in other ways.

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-users] altcp_tls_mbedtls, Giuseppe Modugno <=
- Re: [lwip-users] altcp_tls_mbedtls, Simon Goldschmidt, 2019/02/22
  - Re: [lwip-users] altcp_tls_mbedtls, Giuseppe Modugno, 2019/02/22
    - Re: [lwip-users] altcp_tls_mbedtls, address@hidden, 2019/02/25
    - Re: [lwip-users] altcp_tls_mbedtls, Giuseppe Modugno, 2019/02/26
    - Re: [lwip-users] altcp_tls_mbedtls, Simon Goldschmidt, 2019/02/26
    - Re: [lwip-users] altcp_tls_mbedtls, Giuseppe Modugno, 2019/02/26
    - Re: [lwip-users] altcp_tls_mbedtls, Simon Goldschmidt, 2019/02/26
- Re: [lwip-users] altcp_tls_mbedtls, Andy Pont, 2019/02/22
  - Re: [lwip-users] altcp_tls_mbedtls, Giuseppe Modugno, 2019/02/22

Prev by Date: [lwip-users] Debugging a hang in an lwIP-based application
Next by Date: Re: [lwip-users] altcp_tls_mbedtls
Previous by thread: [lwip-users] Debugging a hang in an lwIP-based application
Next by thread: Re: [lwip-users] altcp_tls_mbedtls
Index(es):
- Date
- Thread