yh Tang
/
NuMaker-mbed-AWS-IoT-example
NuMaker connection with AWS IoT thru MQTT/HTTPS
mbedtls_user_config.h@26:e5cfc2628e84, 2019-04-15 (annotated)
- Committer:
- ccli8
- Date:
- Mon Apr 15 17:31:56 2019 +0800
- Revision:
- 26:e5cfc2628e84
- Parent:
- 25:edf568984d27
- Child:
- 34:369cb3afc198
Reduce memory footprint according to RFC 6066 TLS extension
1. Enable RFC 6066 max_fragment_length extension.
2. Reduce `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` to 4KiB/4KiB from 16KiB/16KiB.
But this approach is risky because:
1. AWS IoT doesn't support RFC 6066 TLS extension yet.
2. TLS handshake may need larger I/O buffers than configured 4KiB/4KiB. 4KiB/4KiB is minimum
to pass TLS handshake per test.
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
ccli8 |
1:5ffad9f24d63 | 1 | /* |
ccli8 |
1:5ffad9f24d63 | 2 | * Copyright (C) 2006-2016, Arm Limited, All Rights Reserved |
ccli8 |
1:5ffad9f24d63 | 3 | * SPDX-License-Identifier: Apache-2.0 |
ccli8 |
1:5ffad9f24d63 | 4 | * |
ccli8 |
1:5ffad9f24d63 | 5 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
ccli8 |
1:5ffad9f24d63 | 6 | * not use this file except in compliance with the License. |
ccli8 |
1:5ffad9f24d63 | 7 | * You may obtain a copy of the License at |
ccli8 |
1:5ffad9f24d63 | 8 | * |
ccli8 |
1:5ffad9f24d63 | 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
ccli8 |
1:5ffad9f24d63 | 10 | * |
ccli8 |
1:5ffad9f24d63 | 11 | * Unless required by applicable law or agreed to in writing, software |
ccli8 |
1:5ffad9f24d63 | 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
ccli8 |
1:5ffad9f24d63 | 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
ccli8 |
1:5ffad9f24d63 | 14 | * See the License for the specific language governing permissions and |
ccli8 |
1:5ffad9f24d63 | 15 | * limitations under the License. |
ccli8 |
1:5ffad9f24d63 | 16 | * |
ccli8 |
1:5ffad9f24d63 | 17 | * This file is part of Mbed TLS (https://tls.mbed.org) |
ccli8 |
1:5ffad9f24d63 | 18 | */ |
ccli8 |
1:5ffad9f24d63 | 19 | |
ccli8 |
1:5ffad9f24d63 | 20 | #if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) && \ |
ccli8 |
1:5ffad9f24d63 | 21 | !defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_TEST_NULL_ENTROPY) |
ccli8 |
1:5ffad9f24d63 | 22 | #error "This hardware does not have an entropy source." |
ccli8 |
1:5ffad9f24d63 | 23 | #endif /* !MBEDTLS_ENTROPY_HARDWARE_ALT && !MBEDTLS_ENTROPY_NV_SEED && |
ccli8 |
1:5ffad9f24d63 | 24 | * !MBEDTLS_TEST_NULL_ENTROPY */ |
ccli8 |
1:5ffad9f24d63 | 25 | |
ccli8 |
1:5ffad9f24d63 | 26 | #if !defined(MBEDTLS_SHA1_C) |
ccli8 |
1:5ffad9f24d63 | 27 | #define MBEDTLS_SHA1_C |
ccli8 |
1:5ffad9f24d63 | 28 | #endif /* !MBEDTLS_SHA1_C */ |
ccli8 |
1:5ffad9f24d63 | 29 | |
ccli8 |
1:5ffad9f24d63 | 30 | /* |
ccli8 |
1:5ffad9f24d63 | 31 | * This value is sufficient for handling 2048 bit RSA keys. |
ccli8 |
1:5ffad9f24d63 | 32 | * |
ccli8 |
1:5ffad9f24d63 | 33 | * Set this value higher to enable handling larger keys, but be aware that this |
ccli8 |
1:5ffad9f24d63 | 34 | * will increase the stack usage. |
ccli8 |
1:5ffad9f24d63 | 35 | */ |
ccli8 |
1:5ffad9f24d63 | 36 | #define MBEDTLS_MPI_MAX_SIZE 256 |
ccli8 |
1:5ffad9f24d63 | 37 | |
ccli8 |
1:5ffad9f24d63 | 38 | #define MBEDTLS_MPI_WINDOW_SIZE 1 |
ccli8 |
1:5ffad9f24d63 | 39 | |
ccli8 |
1:5ffad9f24d63 | 40 | #if defined(TARGET_STM32F439xI) && defined(MBEDTLS_CONFIG_HW_SUPPORT) |
ccli8 |
1:5ffad9f24d63 | 41 | #undef MBEDTLS_AES_ALT |
ccli8 |
1:5ffad9f24d63 | 42 | #endif /* TARGET_STM32F439xI && MBEDTLS_CONFIG_HW_SUPPORT */ |
ccli8 |
1:5ffad9f24d63 | 43 | |
ccli8 |
25:edf568984d27 | 44 | /* Maximum length (in bytes) of incoming plaintext fragments */ |
ccli8 |
26:e5cfc2628e84 | 45 | #define MBEDTLS_SSL_IN_CONTENT_LEN 4096 |
ccli8 |
25:edf568984d27 | 46 | |
ccli8 |
25:edf568984d27 | 47 | /* Maximum length (in bytes) of outgoing plaintext fragments */ |
ccli8 |
26:e5cfc2628e84 | 48 | #define MBEDTLS_SSL_OUT_CONTENT_LEN 4096 |