TLS handshake slow ?

DannyBackx
Posts: 31
Joined: Wed Sep 19, 2018 7:17 pm

TLS handshake slow ?

Postby DannyBackx » Wed May 22, 2019 8:16 pm

Hi,

TLS handshake appears to take a while:

    I (21260) TLS loop: Start handshake ...
    I (28470) TLS loop: SSL/TLS handshake ok

What could cause (or fix) this?

Thanks,

Danny

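    ESP_LOGI(tls_tag, "Start handshake ...");
    /* WANT_READ / WANT_WRITE mean the handshake is still in progress: call again. */
    do {
      ret = mbedtls_ssl_handshake(&ssl);
    } while (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE);
    if (ret != 0) {
      /* Any other non-zero return is a real failure; go to the next iteration of the enclosing loop. */
      mbedtls_strerror(ret, error_buf, sizeof(error_buf));
      ESP_LOGE(tls_tag, "SSL/TLS handshake failed, error %d (%s)", ret, error_buf);
      continue;
    }
    ESP_LOGI(tls_tag, "SSL/TLS handshake ok");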

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: TLS handshake slow ?

Postby ESP_Angus » Thu May 23, 2019 4:53 am

Hi Danny,

There's normally some delay, but 7 seconds is very long! What cipher suite ends up being used for the connection?

Angus

DannyBackx
Posts: 31
Joined: Wed Sep 19, 2018 7:17 pm

Re: TLS handshake slow ?

Postby DannyBackx » Thu May 23, 2019 4:04 pm

I hate to admit I don't know where to look.

    (71458960) TLS loop: Start handshake ...
    (71465930) TLS loop: SSL/TLS handshake ok

When I run the client (ssl_client2) with debug_level=99 it says a lot of things, amongst which:

    ssl_tls.c:5606: |3| signed using : RSA with SHA-256
    ssl_tls.c:5606: |3| RSA key size : 2048 bits
    ...
    ssl_tls.c:8094: |2| <= handshake
    ok
    [ Protocol is TLSv1.2 ]
    [ Ciphersuite is TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 ]
    [ Record expansion is 29 ]
    [ Maximum fragment length is 16384 ]
    . Verifying peer X.509 certificate... ok

permal
Posts: 384
Joined: Sun May 14, 2017 5:36 pm

Re: TLS handshake slow ?

Postby permal » Fri May 24, 2019 9:05 am

Following this thread with interest, I'm experiencing ~5 second handshakes.

DannyBackx
Posts: 31
Joined: Wed Sep 19, 2018 7:17 pm

Re: TLS handshake slow ?

Postby DannyBackx » Sat May 25, 2019 1:26 pm

Per,

You closed your issue (https://github.com/espressif/esp-idf/issues/3523). Understandably.
Would it be a good idea to open a new one about the cause of this 5 .. 7 second delay ?

Until someone claims / proves otherwise, I'm inclined to think this is a bug.

Danny

permal
Posts: 384
Joined: Sun May 14, 2017 5:36 pm

Re: TLS handshake slow ?

Postby permal » Sat May 25, 2019 1:54 pm

Danny,

I've seen people with handshake times up to 15-30s on MCUs at 80 MHz on the mbedTLS forum, so I'm not sure that our 5 seconds are unreasonably long at 240 MHz. I don't want to cry "bug!" quite yet.

// Per

DannyBackx
Posts: 31
Joined: Wed Sep 19, 2018 7:17 pm

Re: TLS handshake slow ?

Postby DannyBackx » Sat May 25, 2019 3:17 pm

See viewtopic.php?f=13&t=929

That's much faster than what we currently see.

Danny

permal
Posts: 384
Joined: Sun May 14, 2017 5:36 pm

Re: TLS handshake slow ?

Postby permal » Sat May 25, 2019 5:04 pm

DannyBackx wrote: See viewtopic.php?f=13&t=929

That's much faster than what we currently see.

Danny

That it is. Open a ticket if you really think it is a bug. I need to dig deeper into my implementation before I can say where time is spent and I can call it a bug.

DannyBackx
Posts: 31
Joined: Wed Sep 19, 2018 7:17 pm

Re: TLS handshake slow ?

Postby DannyBackx » Mon May 27, 2019 3:31 pm

You're right. My code had a call to create a task for this. Setting other priority values on that task, and not pinning it to one core, reduces the response time to 3s. Still a lot longer than the report I referred to...

Any clues on how to make this better ? I can't seem to find useful values for that priority field.

Danny

permal
Posts: 384
Joined: Sun May 14, 2017 5:36 pm

Re: TLS handshake slow ?

Postby permal » Tue May 28, 2019 6:20 am

DannyBackx wrote: You're right. My code had a call to create a task for this. Setting other priority values on that task, and not pinning it to one core, reduces the response time to 3s. Still a lot longer than the report I referred to...

Any clues on how to make this better ? I can't seem to find useful values for that priority field.

Danny

Not really, no.
