Nuvoton
NuMaker connection with AWS IoT thru MQTT/HTTPS
Dependencies: MQTT
Revision 26:e5cfc2628e84, committed 2019-04-15
- Comitter:
- ccli8
- Date:
- Mon Apr 15 17:31:56 2019 +0800
- Parent:
- 25:edf568984d27
- Child:
- 27:b12add202b88
- Commit message:
- Reduce memory footprint according to RFC 6066 TLS extension
1. Enable RFC 6066 max_fragment_length extension.
2. Reduce `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` to 4KiB/4KiB from 16KiB/16KiB.
But this approach is risky because:
1. AWS IoT doesn't support RFC 6066 TLS extension yet.
2. TLS handshake may need larger I/O buffers than configured 4KiB/4KiB. 4KiB/4KiB is minimum
to pass TLS handshake per test.
Changed in this revision
--- a/README.md Mon Apr 15 15:40:16 2019 +0800
+++ b/README.md Mon Apr 15 17:31:56 2019 +0800
@@ -307,4 +307,27 @@
<b>"ESP8266_MISC_TIMEOUT=5000"</b>
],
"config": {
- </pre>
\ No newline at end of file
+ </pre>
+
+- Reduce memory footprint according to RFC 6066 TLS extension
+ `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` determine the sizes of incoming/outgoing TLS I/O buffers.
+ We reduce the sizes by default according to RFC 6066:
+ 1. Enable RFC 6066 max_fragment_length extension.
+ 1. Reduce `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` to 4KiB/4KiB from 16KiB/16KiB.
+
+ But this approach is risky because:
+ 1. AWS IoT doesn't support RFC 6066 TLS extension yet.
+ 1. TLS handshake may need larger I/O buffers than configured 4KiB/4KiB.
+
+ If you doubt your trouble is caused by this configuration, disable it by:
+ 1. Remove the line `my-tlssocket.tls-max-frag-len` in `mbed_app.json`.
+ ```json
+ "NUMAKER_PFM_NUC472": {
+ "target.network-default-interface-type" : "ETHERNET",
+ "target.macros_add": [
+ "ESP8266_AT_SEL=ESP8266_AT_EXTERN"
+ ]
+ },
+ ```
+ 1. Comment out `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` in `mbedtls_user_config.h`.
+ This will change back to 16KiB/16KiB.
--- a/mbed_app.json Mon Apr 15 15:40:16 2019 +0800
+++ b/mbed_app.json Mon Apr 15 17:31:56 2019 +0800
@@ -18,21 +18,18 @@
},
"NUMAKER_PFM_NUC472": {
"target.network-default-interface-type" : "ETHERNET",
- "target.macros_add": [
- "ESP8266_AT_SEL=ESP8266_AT_EXTERN"
- ]
+ "my-tlssocket.tls-max-frag-len" : 4,
+ "target.macros_add" : ["ESP8266_AT_SEL=ESP8266_AT_EXTERN"]
},
"NUMAKER_PFM_M487": {
"target.network-default-interface-type" : "ETHERNET",
- "target.macros_add": [
- "ESP8266_AT_SEL=ESP8266_AT_EXTERN"
- ]
+ "my-tlssocket.tls-max-frag-len" : 4,
+ "target.macros_add" : ["ESP8266_AT_SEL=ESP8266_AT_EXTERN"]
},
"NUMAKER_IOT_M487": {
"target.network-default-interface-type" : "WIFI",
- "target.macros_add": [
- "ESP8266_AT_SEL=ESP8266_AT_ONBOARD"
- ]
+ "my-tlssocket.tls-max-frag-len" : 4,
+ "target.macros_add" : ["ESP8266_AT_SEL=ESP8266_AT_ONBOARD"]
}
}
}
--- a/mbedtls_user_config.h Mon Apr 15 15:40:16 2019 +0800 +++ b/mbedtls_user_config.h Mon Apr 15 17:31:56 2019 +0800 @@ -42,7 +42,7 @@ #endif /* TARGET_STM32F439xI && MBEDTLS_CONFIG_HW_SUPPORT */ /* Maximum length (in bytes) of incoming plaintext fragments */ -//#define MBEDTLS_SSL_IN_CONTENT_LEN 4096 +#define MBEDTLS_SSL_IN_CONTENT_LEN 4096 /* Maximum length (in bytes) of outgoing plaintext fragments */ -//#define MBEDTLS_SSL_OUT_CONTENT_LEN 4096 +#define MBEDTLS_SSL_OUT_CONTENT_LEN 4096