wiced wiced_https_get using more traffic

Ask the Community
Close
Ask the Community
nav search Icon
Forums gray-arrow gray-arrow
Resources gray-arrow gray-arrow
About gray-arrow gray-arrow
Groups gray-arrow gray-arrow
nav-user Account

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob

wiced wiced_https_get using more traffic

DaBa_2244756
Level 5
Level 5
25 likes received 10 likes received 10 likes given
‎Apr 10, 2017 01:48 AM
‎Apr 10, 2017 01:48 AM

Hi Cypress team and community,

We using wiced sdk 3.7.0  , FreeRtos-LWIP,  and closed code wiced ssl lib (BESL).

For client to server connection we using wiced_https_get function.

I noticed, that connection using more traffic and cpu usage. In Wireshark packet analyzer I see, that at TLS1.2 handshake stage SERVER always send same  Certificate data (5-6Kb), because wiced not sending  session id.

TLS1.2 protocol (RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2 ) have "Resuming Sessions" mode.

"The client sends a ClientHello using the Session ID of the session to

  be resumed. The server then checks its session cache for a match.

  If a match is found, and the server is willing to re-establish the

  connection under the specified session state, it will send a

  ServerHello with the same Session ID value."

"

4. Relative efficiency: Cryptographic operations tend to be highly

  CPU intensive, particularly public key operations. For this

  reason, the TLS protocol has incorporated an optional session

  caching scheme to reduce the number of connections that need to be

  established from scratch. Additionally, care has been taken to

  reduce network activity."

My question.

How to enable in wiced closed code BESL "Resuming Sessions" session id mode?

Darius

0 Likes
Subscribe
1 Reply

Re: wiced wiced_https_get using more traffic

DaBa_2244756
Level 5
Level 5
25 likes received 10 likes received 10 likes given
‎Apr 11, 2017 01:05 AM
‎Apr 11, 2017 01:05 AM

After some investigation,

in function

wiced_result_t wiced_generic_start_tls_with_ciphers( wiced_tls_context_t* tls_context, void* referee, wiced_tls_endpoint_type_t type, wiced_tls_certificate_verification_t verification, const cipher_suite_t* cipher_list[], tls_transport_protocol_t transport_protocol )

I found call closed source ssl internal function.

ssl_set_session ( &tls_context->context, SESSION_CAN_BE_RESUMED, 1000000, &tls_context->session );

It defined

void    ssl_set_session ( ssl_context *ssl, int32_t resume, int32_t timeout, ssl_session *session );

Can anybody explain parameter   "timeout"?  What it description? (session timeout or call timeout...)

If I save old sesion  in tls_context->session, then  in wireshark  packet I see that  wiced begun send session id in ClientHello handshake. Then server stop sending Certificate data (5-6kb)!  So it work.

What can be notes or advices?

Darius