Page 1 of 1
TLS handshake slow ?
Posted: Wed May 22, 2019 8:16 pm
by DannyBackx
Hi,
TLS handshake appears to take a while :
I (21260) TLS loop: Start handshake ...
I (28470) TLS loop: SSL/TLS handshake ok
What could cause (or fix) this ?
Thanks,
Danny
Code: Select all
ESP_LOGI(tls_tag, "Start handshake ..." );
if ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_strerror(ret, error_buf, sizeof(error_buf));
ESP_LOGE(tls_tag, "SSL/TLS handshake failed, error %d (%s)", ret, error_buf);
continue;
}
}
ESP_LOGI(tls_tag, "SSL/TLS handshake ok");
Re: TLS handshake slow ?
Posted: Thu May 23, 2019 4:53 am
by ESP_Angus
Hi Danny,
There's normally some delay, but 7 seconds is very long! What cipher suite ends up being used for the connection?
Angus
Re: TLS handshake slow ?
Posted: Thu May 23, 2019 4:04 pm
by DannyBackx
I hate to admit I don't know where to look
(71458960) TLS loop: Start handshake ...
(71465930) TLS loop: SSL/TLS handshake ok
When I run the client (ssl_client2) with debug_level=99 it says a lot of things, amongst which :
ssl_tls.c:5606: |3| signed using : RSA with SHA-256
ssl_tls.c:5606: |3| RSA key size : 2048 bits
...
ssl_tls.c:8094: |2| <= handshake
ok
[ Protocol is TLSv1.2 ]
[ Ciphersuite is TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 ]
[ Record expansion is 29 ]
[ Maximum fragment length is 16384 ]
. Verifying peer X.509 certificate... ok
Re: TLS handshake slow ?
Posted: Fri May 24, 2019 9:05 am
by permal
Following this thread with interest, I'm experiencing
~5 second handshakes.
Re: TLS handshake slow ?
Posted: Sat May 25, 2019 1:26 pm
by DannyBackx
Per,
You closed your issue (
https://github.com/espressif/esp-idf/issues/3523). Understandably.
Would it be a good idea to open a new one about the cause of this 5 .. 7 second delay ?
Until someone claims / proves otherwise, I'm inclined to think this is a bug.
Danny
Re: TLS handshake slow ?
Posted: Sat May 25, 2019 1:54 pm
by permal
Danny,
I've seen people with handshake times up to 15-30s on MCUs at 80MHz at mbedTLS forum so I'm not sure that our 5 seconds are unreasonable long at 240Mhz. I don't want to cry "bug!" quite yet.
// Per
Re: TLS handshake slow ?
Posted: Sat May 25, 2019 3:17 pm
by DannyBackx
See
viewtopic.php?f=13&t=929
That's much faster than what we currently see.
Danny
Re: TLS handshake slow ?
Posted: Sat May 25, 2019 5:04 pm
by permal
That is is. Open a ticket if you really think it is a bug. I need to dig deeper into my implementation before I can say where time is spent and I can call it a bug.
Re: TLS handshake slow ?
Posted: Mon May 27, 2019 3:31 pm
by DannyBackx
You're right. My code had a call to create a task for this. Setting other priority values on that task, and not pinning it to one core, reduces the response time to 3s. Still a lot longer than the report I referred to...
Any clues on how to make this better ? I can't seem to find useful values for that priority field.
Danny
Re: TLS handshake slow ?
Posted: Tue May 28, 2019 6:20 am
by permal
DannyBackx wrote:
You're right. My code had a call to create a task for this. Setting other priority values on that task, and not pinning it to one core, reduces the response time to 3s. Still a lot longer than the report I referred to...
Any clues on how to make this better ? I can't seem to find useful values for that priority field.
Danny
Not really, no.