Enabling RFC 6066 fragmentation for MbedTLS for STM32F4 web server

08 May 2019

Hi, there!

I am doing an HTTPS server on an STM32F4 MCU, and one of the options is a file upload (the size is on average around 300 kB). So, mbedTLS in my case is working as a server, and the firmware file arrives at the server in a POST request with an HTTP header stating a Content-Length of 300 kB. When I attempt to read the data using the function mbedtls_ssl_read, it gives the error -0x7200, which means MBEDTLS_ERR_SSL_INVALID_RECORD. However, if I try to upload a firmware of only several bytes in size (specially made small just for the test), then everything works OK.

The big problem with using Mbed TLS on STM32 MCUs for IoT applications is the lack of RAM, because you need to reserve 2 x 16 kB for the I/O buffers, which can be too large an amount. However, according to the RFC 6066 specification there is a possibility to use fragmentation and provide buffers with much smaller capacity.

I checked various sources and found that the problem can be solved by enabling the RFC 6066 max_fragment_length extension in the TLS config of the server to allow the use of fragmentation. Thus I want to use the function mbedtls_ssl_conf_max_frag_len(&sslConfig, MBEDTLS_SSL_MAX_FRAG_LEN_4096) to solve this problem.

Can you please tell me whether mbedTLS supports this option in the current release or not? This feature was announced in one of the recent releases of Mbed TLS, for versions 2.13.0, 2.7.6 and 2.1.15; please check the information on this release: https://tls.mbed.org/tech-updates/releases/mbedtls-2.13.0-2.7.6-and-2.1.15-released. However, for me it is still not working.

I have tried to use the functions mbedtls_ssl_conf_max_frag_len(&sslConfig, MBEDTLS_SSL_MAX_FRAG_LEN_4096) and mbedtls_ssl_conf_max_frag_len(&sslConfig, MBEDTLS_SSL_MAX_FRAG_LEN_2048), but they seem to have no effect. I am still facing the error MBEDTLS_ERR_SSL_INVALID_RECORD (-29184 or -0x7200) when attempting to upload a large file.

Can anyone advise how to use the function mbedtls_ssl_conf_max_frag_len correctly to make it work? Please note that I have MBEDTLS_SSL_MAX_FRAGMENT_LENGTH defined in mbedtls_config.h.

Thank you.
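As an added illustration (not code from the post or from Mbed TLS), this C block models the RFC 6066 max_fragment_length negotiation the post relies on: the code-to-length mapping behind the MBEDTLS_SSL_MAX_FRAG_LEN_* constants, the extension as the client sends it in ClientHello, and the receive-side check that a record longer than the negotiated length or the local input buffer cannot be accepted. All function and macro names here are my own, not Mbed TLS API.

```c
/* Added example, not from the post or from Mbed TLS.
 * Models RFC 6066 section 4 (max_fragment_length) and the record-length
 * check a TLS endpoint with a small input buffer has to apply. */
#include <stdint.h>
#include <stddef.h>

#define TLS_EXT_MAX_FRAGMENT_LENGTH 1    /* extension type, RFC 6066 */
#define TLS_DEFAULT_MAX_FRAGMENT 16384   /* 2^14, the TLS record limit */

/* RFC 6066: code 1..4 -> 2^9, 2^10, 2^11, 2^12 bytes; 0 = not negotiated. */
size_t mfl_code_to_len(uint8_t code) {
    if (code < 1 || code > 4) return TLS_DEFAULT_MAX_FRAGMENT;
    return (size_t)1 << (8 + code);
}

/* Serialise the extension as it appears in ClientHello:
 * type (2 bytes), length (2 bytes), code (1 byte). Returns bytes written. */
size_t mfl_ext_write(uint8_t code, uint8_t *out, size_t out_len) {
    if (code < 1 || code > 4 || out_len < 5) return 0;
    out[0] = 0; out[1] = TLS_EXT_MAX_FRAGMENT_LENGTH;
    out[2] = 0; out[3] = 1;
    out[4] = code;
    return 5;
}

/* Parse one extension block; returns the code, or 0 if absent or illegal
 * (RFC 6066 says an out-of-range code is a fatal illegal_parameter). */
uint8_t mfl_ext_parse(const uint8_t *ext, size_t ext_len) {
    if (ext_len != 5) return 0;
    if (ext[0] != 0 || ext[1] != TLS_EXT_MAX_FRAGMENT_LENGTH) return 0;
    if (ext[2] != 0 || ext[3] != 1) return 0;
    if (ext[4] < 1 || ext[4] > 4) return 0;
    return ext[4];
}

/* Receive side: the peer may send up to the negotiated fragment length,
 * and we can only hold what fits in our input buffer. The smaller bound
 * wins; a longer record must be rejected rather than read partially,
 * which is the situation an "invalid record" error reports. */
int record_fits(size_t record_len, uint8_t negotiated_code, size_t in_buf_len) {
    size_t limit = mfl_code_to_len(negotiated_code);
    if (in_buf_len < limit) limit = in_buf_len;
    return record_len <= limit;
}
```

Per RFC 6066 section 4 only the client may request this extension; a server can accept it but not initiate it, so the receive-side limit is whatever the peer negotiated, capped by the local buffer.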