|
|||||||||||
Technical Support Support Resources
Product Information |
MDK MIDDLEWARE: Extending secure services for data rich appsInformation in this knowledgebase article applies to:
SYMPTOMAfter following the procedure to add mbed TLS security layer into a network application, the application prematurely exits after some multi-packet communication involving a browser or large file sizes. In a browser, trying to connect to IP address 192.168.0.100, this may be displayed as a webpage error. Chrome can report the following: Secure Connection Failed The connection to the server was reset while the page was loading... The 192.168.0.100 page isn't working 192.168.0.100 didn't send any data. ERR_EMPTY_RESPONSE Firefox can report the following: This site can't be reached The connection was reset... What can cause this? CAUSEA buffer in the security layer must be increased, to handle the maximum length allowed by the TLS standards. The maximum is 16,384 bytes. It is mentioned as "2^14 bytes" in RFC documentation. The network's TLS Interface for mbedTLS has also been updated to handle this type of traffic. RESOLUTIONUpgrade to Network Component v7.4.0 or later. In the file, mbedTLS_config.h, edit the following line of code: #define MBEDTLS_SSL_MAX_CONTENT_LEN 4096 to: #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 Note: In later releases of the Network Component, "mbedTLS_config.h" was renamed to "mbedTLS_config_xxxx.h", where "xxxx" represents the type of the secure service. For small POST requests (ex. file sizes under 4KB), the original setting is ideal. For large POSTs and wide browser support, the standard recommends increasing this buffer to the maximum size. This allows successful communication of any file size that can be handled by a browser or its plug-in. If the network application is used with the File System component, then the design of any FAT file system includes file size limitations for storage. Increasing the size of the SSL buffers will significantly increase the RAM requirements of an application. A 16KB buffer is required for each session. This is a net increase of 12KB per session. Server applications may limit the number of sessions for a smaller memory footprint. SSL buffers are allocated to the heap. Heap size is configured in the "startup_xxx.s" file under the Device component. Note: When modifying the number of sessions, remember to test the new server against different browsers. The browser and the version of the browser can affect the minimum number of required sessions. The type of network (LAN vs. WAN) can also influence the minimum. MORE INFORMATIONSEE ALSO
Last Reviewed: Tuesday, December 22, 2020 | ||||||||||
|
Arm’s Privacy Policy has been updated. By continuing to use our site, you consent to Arm’s Privacy Policy. Please review our Privacy Policy to learn more about our collection, use and transfers
of your data.