Hi,
I'm implementing an event-based asynchronous HTTP(s) server. I'd like to support up to six simultaneous connections as modern browsers use up to six connections to the same domain.
Things runs fine, as long as I only allow three or connections - more than that and I run really low on memory; got about 110k free with no active connections.
Right now the biggest memory allocation seems to be the call to mbedtls_ssl_setup, which allocates ~23kb per connection, and since each connection requires its own mbedtls_ssl_context plus some additional overhead, it quickly eats up the free memory.
This page talks about things you can do to reduce the memory usage of mbedtls, but apart from MBEDTLS_SSL_KEEP_PEER_CERTIFICATE (which doesn't seem available in IDF?) and mbedtls_x509_parse_der_nocopy() (not yet available),there doesn't seem to be much help on a per-connection basis. I have asymmetric in/out fragment length enabled already at 16/4kb, but can't reduce the incoming buffer below 16kb since I'm not in control of the client-side.
Is there anything else I can do to reduce the memory foot print of each connection (or generally for mbedtls)?
mbedTLS memory usage per connection / mbedtls_ssl_context
Re: mbedTLS memory usage per connection / mbedtls_ssl_context
Do you use PSRAM? I got about 40KB of IRAM back using AWS by enabling that option.
libwebsockets has a custom mbedTLS for the ESP32 that mentioned memory savings, but see: https://github.com/warmcat/lws-esp32-factory/issues/47
libwebsockets has a custom mbedTLS for the ESP32 that mentioned memory savings, but see: https://github.com/warmcat/lws-esp32-factory/issues/47
Re: mbedTLS memory usage per connection / mbedtls_ssl_context
No, I do not explicitly use PSRAM? I need to read up on that.jcsbanks wrote: Do you use PSRAM? I got about 40KB of IRAM back using AWS by enabling that option.
libwebsockets has a custom mbedTLS for the ESP32 that mentioned memory savings, but see: https://github.com/warmcat/lws-esp32-factory/issues/47
The liwebsockets memory savings you refer to seems to be the asynchronous buffers I'm already using.
Re: mbedTLS memory usage per connection / mbedtls_ssl_context
Heh, enabling PSRAM gave me another 4MB to play with, this is going to last me forever
Now to figure out if there's a way to speed up TLS-negotiations, it takes nearly three seconds for a connection to initialize :\
Edit: Hm, still getting these, even with PSRAM enabled:
or
Edit2: Ah - Usage of PSRAM must beenabled for mbedTLS explicitly, but now I'm getting this instead:
Now to figure out if there's a way to speed up TLS-negotiations, it takes nearly three seconds for a connection to initialize :\
Edit: Hm, still getting these, even with PSRAM enabled:
Code: Select all
mbedtls_ssl_handshake failed: BIGNUM - Memory allocation failed
Code: Select all
mbedtls_ssl_handshake failed: ECP - Memory allocation failed
Code: Select all
SSL - Verification of the message MAC failed
Who is online
Users browsing this forum: Baldhead, Google [Bot] and 155 guests