Handshake pause

Hi
On my board STM32F107 (Cortex-M3, 72 MHz) I run an SSL server.
I noticed a pause of about 2 seconds during the handshake; I am attaching a Wireshark dump, packet No. 9 (Client Key Exchange) and packet No. 13. What causes this pause?

Hi @wilkxt
As you can see in your Wireshark capture, packets 10 to 12 include TCP retransmissions from your client to the server. It is very likely that there are some networking problems causing your TCP layer to retransmit, and the packet was not sent until ~1.5 seconds later.
Regards,
Mbed TLS team member
Ron
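As an added illustration of the check Ron describes (this script is not from the original thread or from Mbed TLS), the following Python walks a tshark-style listing of the handshake, skips retransmitted segments, and reports each long pause together with the side that sent the delayed message and how many retransmissions occurred while it was waiting. The packet numbers, addresses and timings are constructed to mirror the thread, not the poster's real dump.

```python
import re
from dataclasses import dataclass

# Constructed tshark-style lines (not the poster's capture):
# "<no> <time_s> <src> <dst> <info>"
SAMPLE_CAPTURE = """\
7 0.000000 10.0.0.2 10.0.0.1 Client Hello
8 0.031000 10.0.0.1 10.0.0.2 Server Hello, Certificate, Server Hello Done
9 0.048000 10.0.0.2 10.0.0.1 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
10 0.250000 10.0.0.2 10.0.0.1 [TCP Retransmission] Client Key Exchange
11 0.650000 10.0.0.2 10.0.0.1 [TCP Retransmission] Client Key Exchange
12 1.450000 10.0.0.2 10.0.0.1 [TCP Retransmission] Client Key Exchange
13 2.060000 10.0.0.1 10.0.0.2 Change Cipher Spec, Encrypted Handshake Message
"""

LINE_RE = re.compile(r"^(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(.*)$")


@dataclass
class Packet:
    no: int
    time: float
    src: str
    dst: str
    info: str

    @property
    def is_retransmission(self) -> bool:
        return "[TCP Retransmission]" in self.info


def parse_capture(text: str) -> list[Packet]:
    """Parse the listing; lines that do not match the format are ignored."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            packets.append(Packet(int(m[1]), float(m[2]), m[3], m[4], m[5]))
    return packets


def handshake_gaps(packets, server_ip, min_gap=0.5):
    """Return (prev_no, next_no, gap_s, waited_on, retransmissions) for every
    pause of at least min_gap seconds between consecutive *new* records.
    Retransmissions are not handshake progress, so they are counted inside
    the gap rather than ending it: a client retransmitting while the server
    stays silent points at the server, not the network, as the slow side."""
    out, prev, retrans = [], None, 0
    for p in packets:
        if p.is_retransmission:
            retrans += 1
            continue
        if prev is not None and (gap := p.time - prev.time) >= min_gap:
            side = "server" if p.src == server_ip else "client"
            out.append((prev.no, p.no, round(gap, 3), side, retrans))
        prev, retrans = p, 0
    return out
```

Run against the sample it reports one gap, from packet 9 to 13, of about 2.0 s on the server side with three client retransmissions inside it.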

Yes, problem is on server.

Is it possible that the server (72 MHz Cortex-M3) is busy calculating data from the Client Key Exchange packet?
I do not know how much computing power is needed in this case.

Hi @wilkxt
Yes, it is very likely. Note that, depending on the ciphersuite chosen, the server parses the client key exchange and calculates the secret using DHM or ECDH (in case you are using one of these key exchanges in the ciphersuite).
These operations are very dependent on the CPU, and consume time.
You can consider looking for ways to increase the performance of your operations.
I suggest you look at the following articles and posts:

Depending on your key exchange algorithm, you may consider increasing performance at the expense of memory.
What is the algorithm you are using for key exchange? What is the key size for that algorithm?
Regards,
Mbed TLS Team member
Ron

Hi

I checked with MBEDTLS_DEBUG_C on and off and the impact on the handshake is negligible.

My server after Client Hello chose MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA.

I have a certificate and key (-BEGIN RSA PRIVATE KEY) that is 2048-bit (this is from the ssl_server.c example).

I wonder if I need to use certificates to make my server work with the browser (https), maybe they are not needed?

Hi @wilkxt
Please note that RSA key exchange is not recommended, as it doesn’t protect you from future secrecy, and you should use DHM, or ECDHE.
Have you considered using an ECC based certificate and key exchange? Assuming the CA has an ECC root certificate as well.
Do you have MBEDTLS_HAVE_ASM defined on your platform?

I wonder if I need to use certificates to make my server work with the browser (https), maybe they are not needed?

Browsers connect to servers with a certificate-based connection. You will need to have a certificate on your server in order to negotiate a secure connection with the browser.
Regards,
Mbed TLS Team member
Ron

Do you have MBEDTLS_HAVE_ASM defined on your platform?

Yes, but if it is disabled the result is the same.

I noticed that my processor spends about 2 seconds in the function "mbedtls_rsa_private (…)", exactly in "mbedtls_mpi_exp_mod (…)". Is it possible to speed it up?
If I use DHM or ECDHE the result will probably be worse.

regards
Tomek

Hi @wilkxt

Yes, but if it is disabled the result is the same.

If defining MBEDTLS_HAVE_ASM doesn’t affect performance, then probably bn_mul.h doesn’t have the assembly optimization for your platform, toolchain and compilation flags.
I should have asked you earlier, but what is the Mbed TLS version that you are using? What is the toolchain? What are the compilation flags (specifically, any optimization flags)?

If I use DHM or ECDHE the result will probably be worse

Why do you think so? In Mbed TLS the OP mentions performance improvements on EC operations on STM32F4.

Regards,
Ron

Thanks for the info, it helped a lot

I should have asked you earlier, but what is the Mbed TLS version that you are using? What is the toolchain? What are the compilation flags (specifically, any optimization flags)?

I use
mbedtls-2.11.0 with MBEDTLS_SSL_PROTO_TLS1_2 set
toolchain - gcc-arm-none-eabi-7-2017-q4-major
OPTIMIZATION = -O2 or -O3 or -Os
I checked bn_mul.h and the compiler uses its definitions.
The exact difference between defining MBEDTLS_HAVE_ASM and not is about 100 ms faster when defining MBEDTLS_HAVE_ASM.
My processor is a Cortex-M3, not a Cortex-M4 (STM32F4).

I also checked MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with MBEDTLS_ECP_NIST_OPTIM.
There is a pause of about 0.8 s between Client Hello and Server Hello, and about 0.3 s between Client Key Exchange and Change Cipher Spec.
So the total delay in the handshake is about 1.2 s, which is a better result than 2 s with RSA. Probably it will not be faster on this processor.
I may use a processor (also Cortex-M3) with HW crypto, but this crypto is for SHA, HMAC and AES or DES, and these algorithms probably will not speed up the operations in a handshake (bignum operations).
A processor like the STM32F4 with a Cortex-M4 is faster even without HW crypto.

regards
Tomek