Hi Cypress team and community,
We are using WICED SDK 3.7.0, FreeRTOS-LwIP, and the closed-code WICED SSL lib (BESL).
For the client-to-server connection we are using the wiced_https_get function.
I noticed that the connection is using more traffic and CPU. In the Wireshark packet analyzer I see that at the TLS 1.2 handshake stage the server always sends the same Certificate data (5-6Kb), because wiced is not sending a session id.
The TLS 1.2 protocol (RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2) has a "Resuming Sessions" mode.
"The client sends a ClientHello using the Session ID of the session to
be resumed. The server then checks its session cache for a match.
If a match is found, and the server is willing to re-establish the
connection under the specified session state, it will send a
ServerHello with the same Session ID value."
"4. Relative efficiency: Cryptographic operations tend to be highly
CPU intensive, particularly public key operations. For this
reason, the TLS protocol has incorporated an optional session
caching scheme to reduce the number of connections that need to be
established from scratch. Additionally, care has been taken to
reduce network activity."
My question:
How do I enable the "Resuming Sessions" session id mode in the wiced closed-code BESL?
Darius
After some investigation,
in function
wiced_result_t wiced_generic_start_tls_with_ciphers( wiced_tls_context_t* tls_context, void* referee, wiced_tls_endpoint_type_t type, wiced_tls_certificate_verification_t verification, const cipher_suite_t* cipher_list[], tls_transport_protocol_t transport_protocol )
I found a call to a closed-source SSL internal function:
ssl_set_session ( &tls_context->context, SESSION_CAN_BE_RESUMED, 1000000, &tls_context->session );
It is defined as:
void ssl_set_session ( ssl_context *ssl, int32_t resume, int32_t timeout, ssl_session *session );
Can anybody explain the parameter "timeout"? What is its description? (session timeout or call timeout...)
If I save the old session in tls_context->session, then in the Wireshark packets I see that wiced begins to send the session id in the ClientHello handshake. Then the server stops sending the Certificate data (5-6kb)! So it works.
Are there any notes or advice?
Darius
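The Wireshark check described in the posts above (does the ClientHello carry a session id?) can also be done in code on a captured record. This is an added example, not part of the original posts and not WICED or BESL code; the function names and the sample bytes are constructed, and it assumes the ClientHello fits in a single TLS record.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns the session_id length (0..32) carried by a TLS ClientHello record,
 * or -1 if the buffer is not a well-formed ClientHello. *sid points into rec. */
int client_hello_session_id(const uint8_t *rec, size_t len, const uint8_t **sid)
{
    /* record header (5) + handshake header (4) + client_version (2) + random (32) */
    const size_t sid_len_off = 5 + 4 + 2 + 32;
    if (rec == NULL || len < sid_len_off + 1) return -1;
    if (rec[0] != 0x16 || rec[5] != 0x01) return -1;   /* handshake record, ClientHello */

    size_t rec_len = ((size_t)rec[3] << 8) | rec[4];
    size_t hs_len  = ((size_t)rec[6] << 16) | ((size_t)rec[7] << 8) | rec[8];
    if (rec_len + 5 > len || hs_len + 4 > rec_len) return -1;  /* truncated or fragmented */

    size_t n = rec[sid_len_off];
    if (n > 32 || 2 + 32 + 1 + n > hs_len) return -1;  /* RFC 5246: SessionID is opaque<0..32> */
    if (sid) *sid = n ? rec + sid_len_off + 1 : NULL;
    return (int)n;
}

/* Constructed sample: minimal TLS 1.2 ClientHello with an n-byte session id (n <= 32). */
size_t build_sample_hello(uint8_t *out, size_t n)
{
    size_t body = 2 + 32 + 1 + n + 2 + 2 + 1 + 1, p = 0;
    out[p++] = 0x16; out[p++] = 0x03; out[p++] = 0x03;           /* record: handshake, TLS 1.2 */
    out[p++] = (uint8_t)((body + 4) >> 8); out[p++] = (uint8_t)(body + 4);
    out[p++] = 0x01; out[p++] = 0; out[p++] = (uint8_t)(body >> 8); out[p++] = (uint8_t)body;
    out[p++] = 0x03; out[p++] = 0x03;                            /* client_version */
    memset(out + p, 0xAA, 32); p += 32;                          /* random (placeholder bytes) */
    out[p++] = (uint8_t)n;
    memset(out + p, 0x5D, n); p += n;                            /* session id (placeholder bytes) */
    out[p++] = 0x00; out[p++] = 0x02; out[p++] = 0x00; out[p++] = 0x2F;  /* one cipher suite */
    out[p++] = 0x01; out[p++] = 0x00;                            /* null compression only */
    return p;
}

int main(void)
{
    uint8_t buf[128];
    size_t len = build_sample_hello(buf, 0);    /* full handshake: empty session id */
    printf("full handshake hello: session_id length %d\n", client_hello_session_id(buf, len, NULL));
    len = build_sample_hello(buf, 32);          /* resumption attempt: 32-byte session id */
    printf("resumption hello:     session_id length %d\n", client_hello_session_id(buf, len, NULL));
    return 0;
}
```

A result of 0 corresponds to the behaviour in the first post (no session id sent, so the server repeats the full Certificate message); a non-zero result corresponds to the ClientHello seen after the old session was saved in tls_context->session.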