Data packet size errors using TLS

Anonymous
Not applicable

Hi,

I'm attempting to make an HTTP request of about 2541 bytes. It worked fine using HTTP, but now I'm trying to use HTTPS, and I'm having trouble with multiple packets. When I tried smaller requests (~370 bytes), it succeeded just fine.

I run into the assert in wiced_https_get()->wiced_tcp_send_buffer()->wiced_tcp_send_packet()->wiced_tls_encrypt_packet()->wiced_packet_set_data_end().


It's asserting because data_end is always 5 bytes larger than packet->nx_packet_data_end.

I know the packet pools are created with a size of 1548 bytes, and it's trying to send a packet size of ~1384 bytes.

Any clue why this might be happening? Is there some macro that I should look into changing?

I'm using NetX Duo and WICED 3.1.2


Thanks

Will

0 Likes
5 Replies
Anonymous
Not applicable

I'm not entirely sure about how this assert is failing, but here is another reference point.

Unlike HTTP, which uses byte-stream-oriented writes, for HTTPS/TLS each write is encapsulated as a TLS message, including HMAC and encrypted payload. This is not something unique to WICED, but is part of how the TLS standard is defined and interoperates.

In practice this requires an internal TLS transmit buffer big enough for the message.

As you already discovered, if you write smaller message payloads it works, but if you go over the limit it stops.

In later releases of uSSL SDK included in WICED, the secure socket API adds a new function ussl_write_chunked() that breaks down an arbitrary size payload write into smaller TLS message chunks.

Try just adding something similar in your application, tune it to 1200 bytes to start with, then 1300, 1400 etc.

Cheers,

Steve

0 Likes
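The chunked write suggested in the reply above, as an added example that is not part of the original thread and is not the uSSL or WICED implementation. `record_write_fn`, `mock_link` and `mock_write` are hypothetical stand-ins for the TLS send path, and the 1400-byte room and the AES-CBC/HMAC-SHA1 sizes (16-byte block and IV, 20-byte MAC) are constructed assumptions used only to show how record overhead bounds the chunk size.

```c
#include <stddef.h>

/* Hypothetical hook: encrypts and sends ONE TLS record; returns bytes taken or <0. */
typedef int (*record_write_fn)(void *ctx, const unsigned char *buf, size_t len);

/* Largest plaintext whose record fits in `room` bytes, assuming a CBC suite:
   5-byte header + explicit IV + (plaintext + MAC + >=1 pad byte) padded to a block. */
size_t max_plaintext(size_t room, size_t mac_len, size_t block_len, size_t iv_len)
{
    const size_t hdr = 5;
    if (block_len == 0 || room < hdr + iv_len + block_len) return 0;
    size_t body = ((room - hdr - iv_len) / block_len) * block_len;
    return body > mac_len + 1 ? body - mac_len - 1 : 0;
}

/* Split one large write into records of at most chunk_max plaintext bytes. */
int write_chunked(void *ctx, record_write_fn wr, const unsigned char *buf,
                  size_t len, size_t chunk_max)
{
    if (chunk_max == 0) return -1;
    for (size_t off = 0; off < len; ) {
        size_t n = (len - off < chunk_max) ? len - off : chunk_max;
        int rc = wr(ctx, buf + off, n);
        if (rc <= 0 || (size_t)rc > n) return -1;  /* stop on error */
        off += (size_t)rc;                         /* tolerate partial writes */
    }
    return 0;
}

/* Constructed stand-in for the TLS layer: refuses oversized records. */
struct mock_link { size_t limit, records, bytes, largest; };

int mock_write(void *ctx, const unsigned char *buf, size_t len)
{
    struct mock_link *m = ctx;
    (void)buf;
    if (len > m->limit) return -1;   /* stands in for the failing assert */
    m->records++; m->bytes += len;
    if (len > m->largest) m->largest = len;
    return (int)len;
}

int main(void)
{
    static unsigned char req[2541];  /* constructed 2541-byte request */
    struct mock_link m = { max_plaintext(1400, 20, 16, 16), 0, 0, 0 };
    return write_chunked(&m, mock_write, req, sizeof req, 1200);
}
```

On a real target, `room` is whatever the packet buffer leaves after the IP and TCP headers, and the MAC, block and IV sizes depend on the negotiated cipher suite.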
Anonymous
Not applicable

In later releases of uSSL SDK included in WICED, the secure socket API adds a new function ussl_write_chunked() that breaks down an arbitrary size payload write into smaller TLS message chunks.

Try just adding something similar in your application, tune it to 1200 bytes to start with, then 1300, 1400 etc.

Can you release the uSSL library update for SDK-3.1.2 as well?

Since this is actually a bug fix, I'd like to know when the fix will be available.

We have the TLS issue on an already shipped product, and it's based on SDK-3.1.2.

Upgrading to a new SDK is fine for a new product, but for an already shipped product we prefer to use SDK-3.1.2, which is well tested.

BTW, I think the call to ussl_write_chunked() should not be added in the application. It should be added/wrapped in the implementation of the wiced_* API.

Thanks.

0 Likes
Anonymous
Not applicable

Hi,

Any progress on this issue?

As I mentioned, the already shipped product has a bug with TLS enabled. Can someone help to fix this issue?

Thanks.

0 Likes
Anonymous
Not applicable

Hi sam.lin, did this get resolved?

We've added a WICED support page at www.cypherbridge.com/WICED.html

We offer an option for WICED customers to work with us directly for support and upgrades, including customized builds. To get the latest and greatest features and direct technical support, please contact us on our WICED support page and include your company contact information.

cypherbridge wrote:

In later releases of uSSL SDK included in WICED, the secure socket API adds a new function ussl_write_chunked() that breaks down an arbitrary size payload write into smaller TLS message chunks.

I can't find ussl_write_chunked(). Can you point out which SDK version includes this API?

0 Likes