5 Replies Latest reply on May 17, 2016 2:11 AM by axel.lin_1746341

    Data packet size errors using TLS

    whowell

      Hi,

       

      I'm attempting to make an HTTP request of about 2541 bytes. It worked fine using HTTP, but now I'm trying to use HTTPS, and I'm having trouble with multiple packets. When I tried smaller requests (~370 bytes), they succeeded just fine.

       

      I run into the assert in wiced_https_get()->wiced_tcp_send_buffer()->wiced_tcp_send_packet()->wiced_tls_encrypt_packet()->wiced_packet_set_data_end().


      It's asserting because data_end is always 5 bytes larger than packet->nx_packet_data_end.

       

      I know the packet pools are created with a size of 1548 bytes, and it's trying to send a packet size of ~1384 bytes.

       

      Any clue why this might be happening? Is there some macro that I should look into changing?

       

      I'm using NetX Duo and WICED 3.1.2


      Thanks

      Will

        • 1. Re: Data packet size errors using TLS
          cypherbridge

          I'm not entirely sure about how this assert is failing, but here is another reference point.

           

          Unlike HTTP, which uses byte-stream-oriented writes, for HTTPS TLS each write is encapsulated as a TLS message, including HMAC and encrypted payload. This is not something unique to WICED, but is part of how the TLS standard is defined and interoperates.

           

          In practice this requires an internal TLS transmit buffer big enough for the message.

          As you already discovered, if you write smaller message payloads it works,

          but if you go over the limit it stops.

           

          In later releases of uSSL SDK included in WICED, the secure socket API adds a new function ussl_write_chunked()

          that breaks down an arbitrary size payload write into smaller TLS message chunks.

          Try just adding something similar in your application, tune it to

          1200 bytes to start with, then 1300, 1400 etc.

           

          Cheers,

          Steve
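
Added example, not part of the original thread and not the uSSL or WICED implementation: a generic chunking wrapper of the kind described in the reply above, run against a mock transport that rejects any message that does not fit its transmit buffer. The `tls_write_fn` callback, the mock, and its 1400-byte buffer and 64-byte per-message overhead are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical callback: sends ONE TLS message, returns 0 on success. */
typedef int (*tls_write_fn)(void *ctx, const uint8_t *buf, size_t len);

/* Split an arbitrary-size payload into writes of at most max_chunk bytes. */
int tls_write_chunked(tls_write_fn write_one, void *ctx,
                      const uint8_t *data, size_t len, size_t max_chunk)
{
    if (write_one == NULL || data == NULL || max_chunk == 0)
        return -1;
    while (len > 0) {
        size_t n = len < max_chunk ? len : max_chunk;
        int rc = write_one(ctx, data, n);
        if (rc != 0)
            return rc;          /* stop at the first failed message */
        data += n;
        len -= n;
    }
    return 0;
}

/* Constructed stand-in for a TLS stack with a fixed transmit buffer. */
struct mock_tls { size_t capacity, overhead, messages, payload_bytes; };

int mock_tls_write(void *ctx, const uint8_t *buf, size_t len)
{
    struct mock_tls *t = ctx;
    (void)buf;
    if (len + t->overhead > t->capacity)
        return -2;              /* message would overrun the buffer */
    t->messages++;
    t->payload_bytes += len;
    return 0;
}

/* Send len bytes in chunks; return the message count or a negative error. */
int demo_send(size_t len, size_t max_chunk)
{
    static uint8_t payload[4096];             /* constructed, zero-filled */
    struct mock_tls t = { 1400, 64, 0, 0 };   /* assumed buffer and overhead */
    if (len > sizeof payload)
        return -1;
    int rc = tls_write_chunked(mock_tls_write, &t, payload, len, max_chunk);
    return (rc == 0 && t.payload_bytes == len) ? (int)t.messages : rc;
}
```

With these assumed sizes, a 2541-byte payload sent as one write fails, while the same payload in 1200-byte chunks goes out as three messages; the largest chunk that fits is the buffer size minus the per-message overhead.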

          • 2. Re: Data packet size errors using TLS
            sam.lin

            In later releases of uSSL SDK included in WICED, the secure socket API adds a new function ussl_write_chunked()

            that breaks down an arbitrary size payload write into smaller TLS message chunks.

            Try just adding something similar in your application, tune it to

            1200 bytes to start with, then 1300, 1400 etc.

            Can you release the uSSL library update for SDK-3.1.2 as well?

            Since this is actually a bug fix, I'd like to know when the fix will be available.

            We have the TLS issue on already shipped product and it's based on SDK-3.1.2.

            Upgrade to new SDK is fine for new product but for already shipped product

            we prefer to use SDK-3.1.2 which is well tested.

             

            BTW, I think the call to ussl_write_chunked() should not be added in

            application. It should be added/wrapped in the implementation of wiced_* API.

             

            Thanks.

            • 3. Re: Data packet size errors using TLS
              sam.lin

              Hi,

              Any progress on this issue?

               

              As I mentioned, the already shipped product has a bug with TLS enabled,

              can someone help to fix this issue?

               

              Thanks.

              • 4. Re: Data packet size errors using TLS
                cypherbridge

                Hi sam.lin, did this get resolved?

                 

                We've added a WICED support page at

                 

                www.cypherbridge.com/WICED.html

                 

                We offer an option for WICED customers to work with us directly for support and upgrades,

                including customized builds. To get the latest and greatest features and direct technical support, please contact us

                on our WICED support page, and include your company contact information.

                • 5. Re: Data packet size errors using TLS
                  axel.lin_1746341

                  cypherbridge wrote:

                   

                  In later releases of uSSL SDK included in WICED, the secure socket API adds a new function ussl_write_chunked()

                  that breaks down an arbitrary size payload write into smaller TLS message chunks.

                  I don't find the ussl_write_chunked(), can you point out which SDK version includes this API?