NuMaker connection with AWS IoT thru MQTT/HTTPS
Dependencies: MQTT
Revision 26:e5cfc2628e84, committed 2019-04-15
- Committer: ccli8
- Date: Mon Apr 15 17:31:56 2019 +0800
- Parent: 25:edf568984d27
- Child: 27:b12add202b88
- Commit message:
- Reduce memory footprint according to RFC 6066 TLS extension
1. Enable RFC 6066 max_fragment_length extension.
2. Reduce `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` to 4KiB/4KiB from 16KiB/16KiB.
But this approach is risky because:
1. AWS IoT doesn't support RFC 6066 TLS extension yet.
2. TLS handshake may need larger I/O buffers than configured 4KiB/4KiB. 4KiB/4KiB is minimum
to pass TLS handshake per test.
Changed in this revision
--- a/README.md Mon Apr 15 15:40:16 2019 +0800 +++ b/README.md Mon Apr 15 17:31:56 2019 +0800 @@ -307,4 +307,27 @@ <b>"ESP8266_MISC_TIMEOUT=5000"</b> ], "config": { - </pre> \ No newline at end of file + </pre> + +- Reduce memory footprint according to RFC 6066 TLS extension + `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` determine the sizes of incoming/outgoing TLS I/O buffers. + We reduce the sizes by default according to RFC 6066: + 1. Enable RFC 6066 max_fragment_length extension. + 1. Reduce `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` to 4KiB/4KiB from 16KiB/16KiB. + + But this approach is risky because: + 1. AWS IoT doesn't support RFC 6066 TLS extension yet. + 1. TLS handshake may need larger I/O buffers than configured 4KiB/4KiB. + + If you doubt your trouble is caused by this configuration, disable it by: + 1. Remove the line `my-tlssocket.tls-max-frag-len` in `mbed_app.json`. + ```json + "NUMAKER_PFM_NUC472": { + "target.network-default-interface-type" : "ETHERNET", + "target.macros_add": [ + "ESP8266_AT_SEL=ESP8266_AT_EXTERN" + ] + }, + ``` + 1. Comment out `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` in `mbedtls_user_config.h`. + This will change back to 16KiB/16KiB.
--- a/mbed_app.json Mon Apr 15 15:40:16 2019 +0800 +++ b/mbed_app.json Mon Apr 15 17:31:56 2019 +0800 @@ -18,21 +18,18 @@ }, "NUMAKER_PFM_NUC472": { "target.network-default-interface-type" : "ETHERNET", - "target.macros_add": [ - "ESP8266_AT_SEL=ESP8266_AT_EXTERN" - ] + "my-tlssocket.tls-max-frag-len" : 4, + "target.macros_add" : ["ESP8266_AT_SEL=ESP8266_AT_EXTERN"] }, "NUMAKER_PFM_M487": { "target.network-default-interface-type" : "ETHERNET", - "target.macros_add": [ - "ESP8266_AT_SEL=ESP8266_AT_EXTERN" - ] + "my-tlssocket.tls-max-frag-len" : 4, + "target.macros_add" : ["ESP8266_AT_SEL=ESP8266_AT_EXTERN"] }, "NUMAKER_IOT_M487": { "target.network-default-interface-type" : "WIFI", - "target.macros_add": [ - "ESP8266_AT_SEL=ESP8266_AT_ONBOARD" - ] + "my-tlssocket.tls-max-frag-len" : 4, + "target.macros_add" : ["ESP8266_AT_SEL=ESP8266_AT_ONBOARD"] } } }
--- a/mbedtls_user_config.h Mon Apr 15 15:40:16 2019 +0800 +++ b/mbedtls_user_config.h Mon Apr 15 17:31:56 2019 +0800 @@ -42,7 +42,7 @@ #endif /* TARGET_STM32F439xI && MBEDTLS_CONFIG_HW_SUPPORT */ /* Maximum length (in bytes) of incoming plaintext fragments */ -//#define MBEDTLS_SSL_IN_CONTENT_LEN 4096 +#define MBEDTLS_SSL_IN_CONTENT_LEN 4096 /* Maximum length (in bytes) of outgoing plaintext fragments */ -//#define MBEDTLS_SSL_OUT_CONTENT_LEN 4096 +#define MBEDTLS_SSL_OUT_CONTENT_LEN 4096
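Review bot: In the README.md hunk, the first "disable it by" step tells the reader to remove the line `my-tlssocket.tls-max-frag-len`, but the JSON snippet under it does not contain that key, so it is unclear whether the snippet is the before or the after state. State that the snippet shows the result after removal, and mention that the key has to be removed from every target that sets it (mbed_app.json sets it for three targets in this revision). Because the text already says AWS IoT does not support the extension, it would also help to spell out the consequence: a peer that ignores max_fragment_length may send records up to the 16KiB TLS default, which will not fit a 4KiB incoming buffer. Wording nit: "If you doubt your trouble is caused by" should read "If you suspect your trouble is caused by".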
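Review bot: In the mbed_app.json hunk, `"my-tlssocket.tls-max-frag-len" : 4` is a bare number with no unit, repeated for three targets. It can be read as 4 KiB or as the RFC 6066 length code, where 4 denotes 2^12; the two readings coincide here but would not for any other size. Document the unit where the option is defined, and note that the value has to match the 4096 set in mbedtls_user_config.h, since nothing visible in this change ties the two together.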
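Review bot: In the mbedtls_user_config.h hunk, both defines are now unconditional, so every build gets 4KiB buffers whether or not its target sets `my-tlssocket.tls-max-frag-len` in mbed_app.json. The incoming side is the risky one: the commit message itself says AWS IoT doesn't support the extension and that 4KiB is only the minimum that passed the handshake in testing, so a larger server record or handshake message would break the connection. Consider leaving `MBEDTLS_SSL_IN_CONTENT_LEN` at its 16KiB default and reducing only `MBEDTLS_SSL_OUT_CONTENT_LEN`, whose record sizes the client controls, or wrapping both defines in a guard tied to the max-frag-len option so the two settings cannot drift apart.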