mbedTLS memory usage per connection / mbedtls_ssl_context
Posted: Sat May 18, 2019 7:55 pm
Hi,
I'm implementing an event-based asynchronous HTTP(s) server. I'd like to support up to six simultaneous connections as modern browsers use up to six connections to the same domain.
Things run fine, as long as I only allow three or connections - more than that and I run really low on memory; got about 110k free with no active connections.
Right now the biggest memory allocation seems to be the call to mbedtls_ssl_setup, which allocates ~23kb per connection, and since each connection requires its own mbedtls_ssl_context plus some additional overhead, it quickly eats up the free memory.
This page talks about things you can do to reduce the memory usage of mbedtls, but apart from MBEDTLS_SSL_KEEP_PEER_CERTIFICATE (which doesn't seem available in IDF?) and mbedtls_x509_parse_der_nocopy() (not yet available), there doesn't seem to be much help on a per-connection basis. I have asymmetric in/out fragment length enabled already at 16/4kb, but can't reduce the incoming buffer below 16kb since I'm not in control of the client-side.
Is there anything else I can do to reduce the memory footprint of each connection (or generally for mbedtls)?