1 Reply Latest reply on Apr 11, 2017 1:05 AM by sqlsql_2244756

    wiced wiced_https_get  using more traffic

    sqlsql_2244756

      Hi Cypress team and community,

      We are using WICED SDK 3.7.0, FreeRTOS-LwIP, and the closed-code WICED SSL library (BESL).

      For the client-to-server connection we are using the wiced_https_get function.

      I noticed that the connection is using more traffic and CPU. In the Wireshark packet analyzer I see that at the TLS 1.2 handshake stage the server always sends the same Certificate data (5-6Kb), because WICED is not sending a session ID.

      The TLS 1.2 protocol (RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2) has a "Resuming Sessions" mode.

      "The client sends a ClientHello using the Session ID of the session to be resumed. The server then checks its session cache for a match. If a match is found, and the server is willing to re-establish the connection under the specified session state, it will send a ServerHello with the same Session ID value."

      "4. Relative efficiency: Cryptographic operations tend to be highly CPU intensive, particularly public key operations. For this reason, the TLS protocol has incorporated an optional session caching scheme to reduce the number of connections that need to be established from scratch. Additionally, care has been taken to reduce network activity."

       

      My question.

      How do I enable the "Resuming Sessions" session ID mode in the closed-code WICED BESL?

       

      Darius

        • 1. Re: wiced wiced_https_get  using more traffic
          sqlsql_2244756

          After some investigation,

          in function

          wiced_result_t wiced_generic_start_tls_with_ciphers( wiced_tls_context_t* tls_context, void* referee, wiced_tls_endpoint_type_t type, wiced_tls_certificate_verification_t verification, const cipher_suite_t* cipher_list[], tls_transport_protocol_t transport_protocol )

           

          I found a call to a closed-source internal SSL function.

          ssl_set_session ( &tls_context->context, SESSION_CAN_BE_RESUMED, 1000000, &tls_context->session );

           

          It is defined as

          void    ssl_set_session ( ssl_context *ssl, int32_t resume, int32_t timeout, ssl_session *session );

           

          Can anybody explain the "timeout" parameter? What is its description? (session timeout or call timeout...)

           

          If I save the old session in tls_context->session, then in the Wireshark packet I see that WICED begins sending the session ID in the ClientHello handshake. Then the server stops sending Certificate data (5-6kb)! So it works.

          What notes or advice can you offer?

          Darius
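
Added example, not part of the original posts and not WICED or BESL code: a standalone C check for the resumption condition quoted from RFC 5246 above, comparing the session_id in a captured ClientHello with the one in the ServerHello. The function names and the make_hello sample builder are hypothetical, and each hello is assumed to arrive unfragmented in a single TLS record.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SID_LEN_OFF (5 + 4 + 2 + 32) /* record hdr, handshake hdr, version, random */

/* Find session_id in a TLS 1.2 ClientHello (type 1) or ServerHello (type 2).
 * rec is one complete TLS record; assumes the hello is not fragmented. */
int hello_session_id(const uint8_t *rec, size_t len, uint8_t type,
                     const uint8_t **sid, size_t *sid_len)
{
    if (!rec || len < SID_LEN_OFF + 1) return -1;
    if (rec[0] != 0x16 || rec[5] != type) return -1;   /* handshake record, hello type */
    size_t end = 5 + (((size_t)rec[3] << 8) | rec[4]); /* end of record body */
    size_t n = rec[SID_LEN_OFF];                       /* SessionID is opaque<0..32> */
    if (end > len || n > 32 || SID_LEN_OFF + 1 + n > end) return -1;
    *sid = rec + SID_LEN_OFF + 1;
    *sid_len = n;
    return 0;
}

/* 1: server echoed the offered ID (resumed); 0: full handshake; -1: parse error. */
int session_resumed(const uint8_t *ch, size_t chl, const uint8_t *sh, size_t shl)
{
    const uint8_t *c, *s;
    size_t cn, sn;
    if (hello_session_id(ch, chl, 1, &c, &cn) || hello_session_id(sh, shl, 2, &s, &sn)) return -1;
    if (cn == 0) return 0;                             /* client offered nothing */
    return cn == sn && memcmp(c, s, cn) == 0;
}

/* Constructed sample: minimal hello record carrying only the fields parsed above. */
size_t make_hello(uint8_t *out, uint8_t type, const uint8_t *sid, uint8_t n)
{
    memset(out, 0, SID_LEN_OFF + 1 + n);
    out[0] = 0x16; out[1] = 3; out[2] = 3; out[4] = (uint8_t)(4 + 2 + 32 + 1 + n);
    out[5] = type; out[8] = (uint8_t)(2 + 32 + 1 + n); out[9] = 3; out[10] = 3;
    out[SID_LEN_OFF] = n;
    if (n) memcpy(out + SID_LEN_OFF + 1, sid, n);
    return SID_LEN_OFF + 1 + n;
}

int main(void)
{
    uint8_t ch[80], sh[80], old_id[4] = {0xde, 0xad, 0xbe, 0xef}, new_id[4] = {1, 2, 3, 4};
    size_t cl = make_hello(ch, 1, old_id, 4);
    printf("server echoes id: %d\n", session_resumed(ch, cl, sh, make_hello(sh, 2, old_id, 4)));
    printf("server issues new id: %d\n", session_resumed(ch, cl, sh, make_hello(sh, 2, new_id, 4)));
    return 0;
}
```

A result of 0 when the client did offer an ID means the server no longer had that session cached or declined to resume it, so the full handshake with the Certificate message ran again.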