DaBa_2244756

Hi Cypress team and community,

We are using WICED SDK 3.7.0, FreeRTOS-LwIP, and the closed code WICED SSL lib (BESL).

For the client-to-server connection we are using the wiced_https_get function.

I noticed that the connection is using more traffic and CPU. In the Wireshark packet analyzer I see that at the TLS 1.2 handshake stage the server always sends the same Certificate data (5-6Kb), because WICED is not sending a session ID.

The TLS 1.2 protocol (RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2) has a "Resuming Sessions" mode.

"The client sends a ClientHello using the Session ID of the session to be resumed. The server then checks its session cache for a match. If a match is found, and the server is willing to re-establish the connection under the specified session state, it will send a ServerHello with the same Session ID value."

"4. Relative efficiency: Cryptographic operations tend to be highly CPU intensive, particularly public key operations. For this reason, the TLS protocol has incorporated an optional session caching scheme to reduce the number of connections that need to be established from scratch. Additionally, care has been taken to reduce network activity."

My question:

How do I enable the "Resuming Sessions" session ID mode in the WICED closed code BESL?

Darius

DaBa_2244756

After some investigation, in the function

wiced_result_t wiced_generic_start_tls_with_ciphers( wiced_tls_context_t* tls_context, void* referee, wiced_tls_endpoint_type_t type, wiced_tls_certificate_verification_t verification, const cipher_suite_t* cipher_list[], tls_transport_protocol_t transport_protocol )

I found a call to a closed-source internal SSL function:

ssl_set_session ( &tls_context->context, SESSION_CAN_BE_RESUMED, 1000000, &tls_context->session );

It is defined as

void    ssl_set_session ( ssl_context *ssl, int32_t resume, int32_t timeout, ssl_session *session );

Can anybody explain the "timeout" parameter? What is its description (session timeout or call timeout...)?

If I save the old session in tls_context->session, then in the Wireshark packet I see that WICED begins sending the session ID in the ClientHello handshake. Then the server stops sending the Certificate data (5-6kb)! So it works.

Are there any notes or advice?

Darius
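
The Wireshark check described in this thread can also be done in code. The following is an added example, not part of the original posts and not WICED or BESL code: it reads the session ID from a captured TLS 1.2 ClientHello and ServerHello and reports whether the server accepted resumption by echoing the client's ID, as the RFC 5246 passage quoted above describes. All function names and the sample records are constructed for illustration, and it assumes each hello starts its own TLS record.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { HANDSHAKE = 0x16, CLIENT_HELLO = 1, SERVER_HELLO = 2,
       SID_LEN_AT = 43 };  /* 5 record hdr + 4 handshake hdr + 2 version + 32 random */

/* Find the session_id of a hello that starts a TLS record.
 * Returns its length (0..32) and sets *sid, or -1 if malformed/truncated. */
int hello_session_id(const uint8_t *rec, size_t len, uint8_t type, const uint8_t **sid)
{
    if (len <= SID_LEN_AT || rec[0] != HANDSHAKE || rec[5] != type) return -1;
    size_t end = 5 + (((size_t)rec[3] << 8) | rec[4]);   /* end of this record */
    size_t n = rec[SID_LEN_AT];
    if (end > len || n > 32 || SID_LEN_AT + 1 + n > end) return -1;
    *sid = rec + SID_LEN_AT + 1;
    return (int)n;
}

/* 1: server echoed the client's non-empty ID; 0: full handshake; -1: parse error. */
int session_resumed(const uint8_t *ch, size_t cl, const uint8_t *sh, size_t sl)
{
    const uint8_t *c, *s;
    int cn = hello_session_id(ch, cl, CLIENT_HELLO, &c);
    int sn = hello_session_id(sh, sl, SERVER_HELLO, &s);
    if (cn < 0 || sn < 0) return -1;
    return cn > 0 && cn == sn && memcmp(c, s, (size_t)cn) == 0;
}

/* Constructed minimal hello (zero random) for the demo; returns record length. */
size_t make_hello(uint8_t *out, uint8_t type, uint8_t id_byte, uint8_t n)
{
    static const uint8_t ch[] = {0, 2, 0, 0x2f, 1, 0}, sh[] = {0, 0x2f, 0};
    size_t tl = type == CLIENT_HELLO ? sizeof ch : sizeof sh;
    size_t body = 2 + 32 + 1 + n + tl;             /* version, random, ID, tail */
    memset(out, 0, 9 + body);
    out[0] = HANDSHAKE; out[1] = out[2] = out[9] = out[10] = 3;   /* TLS 1.2 */
    out[4] = (uint8_t)(body + 4); out[5] = type; out[8] = (uint8_t)body;
    out[SID_LEN_AT] = n; memset(out + SID_LEN_AT + 1, id_byte, n);
    memcpy(out + SID_LEN_AT + 1 + n, type == CLIENT_HELLO ? ch : sh, tl);
    return 9 + body;
}

/* Client offers an n-byte ID; server echoes it or issues a fresh 32-byte one. */
int sample_handshake(uint8_t n, int server_echoes)
{
    uint8_t ch[96], sh[96];
    size_t cl = make_hello(ch, CLIENT_HELLO, 0xA1, n);
    size_t sl = make_hello(sh, SERVER_HELLO, server_echoes ? 0xA1 : 0xB2, 32);
    return session_resumed(ch, cl, sh, sl);
}
```

A result of 0 with a non-empty client ID means the server no longer has the session cached (or declined it) and ran a full handshake, so the client must store the new session in place of the old one.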