mbedTLS memory usage per connection / mbedtls_ssl_context

Post by permal » Sat May 18, 2019 7:55 pm

Hi,

I'm implementing an event-based asynchronous HTTP(s) server. I'd like to support up to six simultaneous connections as modern browsers use up to six connections to the same domain.

Things run fine, as long as I only allow three or connections - more than that and I run really low on memory; got about 110k free with no active connections.

Right now the biggest memory allocation seems to be the call to mbedtls_ssl_setup, which allocates ~23kb per connection, and since each connection requires its own mbedtls_ssl_context plus some additional overhead, it quickly eats up the free memory.

This page talks about things you can do to reduce the memory usage of mbedtls, but apart from MBEDTLS_SSL_KEEP_PEER_CERTIFICATE (which doesn't seem available in IDF?) and mbedtls_x509_parse_der_nocopy() (not yet available), there doesn't seem to be much help on a per-connection basis. I have asymmetric in/out fragment length enabled already at 16/4kb, but can't reduce the incoming buffer below 16kb since I'm not in control of the client-side.

Is there anything else I can do to reduce the memory footprint of each connection (or generally for mbedtls)?

Post by jcsbanks » Sat May 18, 2019 8:26 pm

Do you use PSRAM? I got about 40KB of IRAM back using AWS by enabling that option.

libwebsockets has a custom mbedTLS for the ESP32 that mentioned memory savings, but see: https://github.com/warmcat/lws-esp32-factory/issues/47

Post by permal » Sun May 19, 2019 6:30 am

jcsbanks wrote:
> Do you use PSRAM? I got about 40KB of IRAM back using AWS by enabling that option.
>
> libwebsockets has a custom mbedTLS for the ESP32 that mentioned memory savings, but see: https://github.com/warmcat/lws-esp32-factory/issues/47

No, I do not explicitly use PSRAM? I need to read up on that.

The libwebsockets memory savings you refer to seem to be the asynchronous buffers I'm already using.

Post by permal » Sun May 19, 2019 7:09 am

Heh, enabling PSRAM gave me another 4MB to play with, this is going to last me forever :)

Now to figure out if there's a way to speed up TLS-negotiations, it takes nearly three seconds for a connection to initialize :\

Edit: Hm, still getting these, even with PSRAM enabled:

```
mbedtls_ssl_handshake failed: BIGNUM - Memory allocation failed
```

or

```
mbedtls_ssl_handshake failed: ECP - Memory allocation failed
```

Edit2: Ah - Usage of PSRAM must be enabled for mbedTLS explicitly, but now I'm getting this instead:

```
SSL - Verification of the message MAC failed
```
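
The handshake allocation failures reported in this thread occur when more TLS sessions are accepted than the heap can hold. The following is an added example, not code from the thread, mbedTLS or ESP-IDF: a connection admission check in C using the thread's figures (about 110k free when idle, ~23kb per session). The type and function names and the handshake and keep-free reserves are assumptions.

```c
/* Added example, not from the thread. Names and reserve sizes are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct {
    size_t per_conn;   /* heap held by one TLS session (thread: ~23 kB) */
    size_t handshake;  /* transient BIGNUM/ECP peak of one handshake (assumed) */
    size_t keep_free;  /* heap reserved for the rest of the firmware (assumed) */
    unsigned active;   /* sessions currently admitted */
} tls_budget_t;

/* How many sessions fit in idle_free while one handshake can still finish. */
unsigned tls_max_sessions(const tls_budget_t *b, size_t idle_free)
{
    size_t fixed = b->handshake + b->keep_free;
    if (b->per_conn == 0 || idle_free <= fixed)
        return 0;
    return (unsigned)((idle_free - fixed) / b->per_conn);
}

/* Call before mbedtls_ssl_setup(); free_now is the current free heap, on
 * ESP-IDF e.g. heap_caps_get_free_size(MALLOC_CAP_INTERNAL | MALLOC_CAP_8BIT). */
bool tls_try_admit(tls_budget_t *b, size_t free_now)
{
    if (free_now < b->per_conn + b->handshake + b->keep_free)
        return false;  /* refuse the socket instead of failing mid-handshake */
    b->active++;
    return true;
}

void tls_release(tls_budget_t *b) { if (b->active) b->active--; }

/* Constructed run: `attempts` clients connect at once to an idle server. */
unsigned simulate_accepts(tls_budget_t *b, size_t idle_free, unsigned attempts)
{
    size_t free_now = idle_free;
    for (unsigned i = 0; i < attempts; i++)
        if (tls_try_admit(b, free_now))
            free_now -= b->per_conn;  /* session buffers stay allocated */
    return b->active;
}

int main(void)
{
    tls_budget_t b = { 23 * 1024, 12 * 1024, 8 * 1024, 0 };
    printf("admitted %u of 6\n", simulate_accepts(&b, 110 * 1024, 6));
    return 0;
}
```

With these constructed reserves, three of six simultaneous connections are admitted and the rest are refused before any TLS context is allocated.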
