mbedTLS Speed Issues -- Handshake Running Very Slow

Hello,

I am working on a project that uses the Keil compact HTTPS server with mbedTLS. The web pages load very slowly, however, specifically during the TLS handshake. The page requests AJAX data from the server every second, and those requests appear to be what’s making it so slow (~6 seconds to load an AJAX resource).

We have already added in hardware acceleration for AES, SHA1, SHA256, MD5, GCM, and CCM. However, that has not sped up our page loading (about 5 seconds to load a resource still).

Are there any other optimization options we can add to our mbedTLS_config.h file to improve performance? Perhaps an option for caching handshake calculations?

I have attached our mbedTLS_config.h file here:

#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

/*
 * Compile-time configuration for an mbed TLS server build: every #define
 * below switches a library feature or module on; lines starting with "//"
 * are options left disabled.
 *
 * NOTE(review): the only key exchanges enabled here are static RSA and
 * static ECDH-RSA. With static RSA the server performs one RSA private-key
 * operation per full handshake; that work is done by the bignum/RSA code,
 * not by AES/SHA/MD5/GCM/CCM, so accelerating the symmetric primitives is
 * not expected to shorten the handshake. Key size is not visible here.
 */

/* System support */
/* Entropy comes from an application-supplied hardware poll function. */
#define MBEDTLS_ENTROPY_HARDWARE_ALT
/* Use SHA-256 for the entropy accumulator (SHA-512 is not built, see below). */
#define MBEDTLS_ENTROPY_FORCE_SHA256

/*
 * NOTE(review): permits SHA-1 signatures in the TLS 1.2 key exchange by
 * default. SHA-1 is no longer considered collision resistant; enable this
 * only if a peer that cannot do SHA-256 must be supported.
 */
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE

/* mbed TLS feature support */
/* Keep the AES lookup tables in ROM instead of generating them in RAM. */
#define MBEDTLS_AES_ROM_TABLES
/*
 * NOTE(review): CBC ciphersuites are enabled while
 * MBEDTLS_SSL_ENCRYPT_THEN_MAC (further down) is disabled, so CBC records
 * use MAC-then-encrypt. Prefer the GCM/CCM suites or enable
 * encrypt-then-MAC if CBC has to stay.
 */
#define MBEDTLS_CIPHER_MODE_CBC
//#define MBEDTLS_CIPHER_MODE_CFB
//#define MBEDTLS_CIPHER_MODE_CTR
#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
#define MBEDTLS_CIPHER_PADDING_ZEROS
////#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
/*
 * NOTE(review): static RSA key exchange provides no forward secrecy: a
 * later compromise of the server key exposes previously recorded sessions.
 * It is also the per-handshake RSA private-key cost described at the top
 * of this file.
 */
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
/* Prime generation; presumably only needed if RSA keys are generated on the device. */
#define MBEDTLS_GENPRIME
/*
 * No built-in platform entropy source is compiled in, so the hardware poll
 * enabled by MBEDTLS_ENTROPY_HARDWARE_ALT must be a real, well-seeded
 * source: key material quality depends on it.
 */
#define MBEDTLS_NO_PLATFORM_ENTROPY
//#define MBEDTLS_PK_RSA_ALT_SUPPORT
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_PKCS1_V21
//#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#define MBEDTLS_SSL_FALLBACK_SCSV
//#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
//#define MBEDTLS_SSL_RENEGOTIATION
//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
//#define MBEDTLS_SSL_PROTO_SSL3
//#define MBEDTLS_SSL_PROTO_TLS1
/*
 * NOTE(review): TLS 1.1 is deprecated (RFC 8996) and is the reason the MD5
 * and SHA-1 modules have to be built. If every client speaks TLS 1.2, this
 * can be dropped.
 */
#define MBEDTLS_SSL_PROTO_TLS1_1
#define MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_SSL_ALPN
/*
 * Session tickets (and MBEDTLS_SSL_TICKET_C below) are disabled, so
 * resumption can only happen through the server-side session cache.
 */
//#define MBEDTLS_SSL_SESSION_TICKETS
//#define MBEDTLS_SSL_SERVER_NAME_INDICATION
//#define MBEDTLS_SSL_TRUNCATED_HMAC
//#define MBEDTLS_X509_CHECK_KEY_USAGE
//#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT

/* mbed TLS modules */
#define MBEDTLS_AES_C
//#define MBEDTLS_ARC4_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C
//#define MBEDTLS_BLOWFISH_C
//#define MBEDTLS_CAMELLIA_C
#define MBEDTLS_CCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
////#define MBEDTLS_DEBUG_C
//#define MBEDTLS_DES_C
//#define MBEDTLS_DHM_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_GCM_C
//#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_MD_C
#define MBEDTLS_MD5_C
#define MBEDTLS_OID_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
//#define MBEDTLS_PKCS5_C
//#define MBEDTLS_PKCS12_C
//#define MBEDTLS_PLATFORM_C
//#define MBEDTLS_RIPEMD160_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA1_C
#define MBEDTLS_SHA256_C
//#define MBEDTLS_SHA512_C
/*
 * Server-side session cache module. NOTE(review): building the module is
 * not sufficient on its own: the server code has to register the cache on
 * the SSL configuration (mbedtls_ssl_conf_session_cache) and the client has
 * to offer the session ID before a resumed handshake can skip the RSA
 * operation. Whether the HTTPS server layer does this is not visible here.
 */
#define MBEDTLS_SSL_CACHE_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ECDH_C
/*
 * NOTE(review): static ECDH with an RSA-signed certificate. These suites
 * are only usable when the server certificate carries an EC key; with a
 * plain RSA certificate they are presumably never negotiated. Like static
 * RSA, they give no forward secrecy.
 */
#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
/*
 * NOTE(review): secp192r1 is the only curve enabled. It offers roughly
 * 96-bit security and many current TLS clients do not offer it; secp256r1
 * (MBEDTLS_ECP_DP_SECP256R1_ENABLED) is the usual minimum and fits the
 * MBEDTLS_ECP_MAX_BITS value set below.
 */
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_ECP_MAX_BITS 256
//#define MBEDTLS_SSL_COOKIE_C
//#define MBEDTLS_SSL_TICKET_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C
//#define MBEDTLS_X509_CSR_PARSE_C

/*
 * NOTE(review): every *_ALT hook is commented out in this file. Unless they
 * are defined somewhere else (for example on the compiler command line),
 * the library's software AES/CCM/GCM/SHA/MD5/RSA code is what gets built.
 */
//#define MBEDTLS_AES_ALT
//#define MBEDTLS_CCM_ALT
//#define MBEDTLS_GCM_ALT
//#define MBEDTLS_SHA1_ALT
//#define MBEDTLS_SHA256_ALT
//#define MBEDTLS_MD5_ALT
//#define MBEDTLS_RSA_ALT
/* MBEDTLS_PLATFORM_C is enabled here although it is commented out in the module list above. */
#define MBEDTLS_PLATFORM_C
/*
 * NOTE(review): INT_MAX is a standard macro owned by <limits.h>. Defining
 * it here can clash with, or silently differ from, the toolchain's value;
 * including <limits.h> is the safer way to obtain it.
 */
#define INT_MAX 0x7fffffff
//#define TLS_THREAD_PRIORITY osPriorityHigh
//#define TLS_THREAD_STACK_SIZE 8192

/* Duplicate of the MBEDTLS_SSL_CACHE_C define in the module list; harmless but redundant. */
#define MBEDTLS_SSL_CACHE_C

// ======== Optimizations =========
/*
 * Save RAM at the expense of interoperability: do this only if you control
 * both ends of the connection! (See comments in "mbedtls/ssl.h".)
 * The minimum size here depends on the certificate chain used as well as the
 * typical size of records.
 */
//#define MBEDTLS_SSL_MAX_CONTENT_LEN 8182

/*
 * NOTE(review): the check_config.h include is disabled, so inconsistent or
 * incomplete option combinations in this file are not reported at compile
 * time. Re-enabling it is the cheapest way to validate the configuration.
 */
//#include "check_config.h"

#endif /* MBEDTLS_CONFIG_H */

Any assistance would be appreciated!