MDK MIDDLEWARE: Extending secure services for data rich apps


Information in this knowledgebase article applies to:

  • MDK v5.x
  • Middleware Network Component v7.3.0
  • ARM::mbedTLS Pack v1.1.1

SYMPTOM

After following the procedure to add the mbed TLS security layer to a network application, the application exits prematurely after some multi-packet communication involving a browser or large files. In a browser trying to connect to IP address 192.168.0.100, this may be displayed as a webpage error.

Chrome can report the following:

Secure Connection Failed
The connection to the server was reset while the page was loading...
The 192.168.0.100 page isn't working
192.168.0.100 didn't send any data.
ERR_EMPTY_RESPONSE

Firefox can report the following:

This site can't be reached
The connection was reset...

What can cause this?

CAUSE

A buffer in the security layer must be increased to handle the maximum length allowed by the TLS standards. The maximum is 16,384 bytes, written as "2^14 bytes" in the RFC documentation. The network's TLS Interface for mbedTLS has also been updated to handle this type of traffic.

RESOLUTION

Upgrade to Network Component v7.4.0 or later.

In the file mbedTLS_config.h, change the following line:

#define MBEDTLS_SSL_MAX_CONTENT_LEN             4096

to:

#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384

Note: In later releases of the Network Component, "mbedTLS_config.h" was renamed to "mbedTLS_config_xxxx.h", where "xxxx" represents the type of the secure service.

For small POST requests (e.g., file sizes under 4 KB), the original setting is ideal. For large POSTs and wide browser support, the standard recommends increasing this buffer to the maximum size. This allows successful communication of any file size that can be handled by a browser or its plug-in. If the network application is used with the File System component, note that the design of any FAT file system includes file size limitations for storage.

Increasing the size of the SSL buffers will significantly increase the RAM requirements of an application. A 16 KB buffer is required for each session. This is a net increase of 12 KB per session. Server applications may limit the number of sessions for a smaller memory footprint. SSL buffers are allocated from the heap. Heap size is configured in the "startup_xxx.s" file under the Device component.

Note: When modifying the number of sessions, remember to test the new server against different browsers. The browser and the version of the browser can affect the minimum number of required sessions. The type of network (LAN vs. WAN) can also influence the minimum.
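
The following added example (not code from Keil, Arm or mbed TLS) classifies the 5-byte header of a captured TLS record against the value configured for MBEDTLS_SSL_MAX_CONTENT_LEN, showing why a record that a browser is allowed to send cannot fit a 4096-byte buffer. The helper classify_record and its verdict names are hypothetical; the limits are taken from RFC 5246 for TLS 1.2, and the sample header is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 5246, section 6.2: a plaintext fragment is at most 2^14 bytes and a
   protected TLS 1.2 record is at most 2048 bytes longer than that. */
#define TLS_MAX_PLAINTEXT   16384u
#define TLS12_MAX_EXPANSION 2048u

typedef enum {
    REC_MALFORMED,  /* short header, unexpected type/version, illegal length */
    REC_FITS,       /* plaintext is certain to fit the configured buffer */
    REC_BORDERLINE, /* fits only if cipher overhead covers the excess */
    REC_TOO_LARGE   /* legal on the wire, plaintext cannot fit the buffer */
} rec_verdict;

/* Hypothetical helper: classify one 5-byte TLS record header against the
   value configured for MBEDTLS_SSL_MAX_CONTENT_LEN (max_content_len). */
rec_verdict classify_record(const uint8_t *hdr, size_t hdr_len,
                            uint32_t max_content_len)
{
    if (hdr == NULL || hdr_len < 5)
        return REC_MALFORMED;
    /* Byte 0: content type (20..23 are the four core types).
       Byte 1: major version, 3 for every TLS version. */
    if (hdr[0] < 20 || hdr[0] > 23 || hdr[1] != 3)
        return REC_MALFORMED;

    uint32_t len = ((uint32_t)hdr[3] << 8) | hdr[4]; /* big-endian length */
    if (len > TLS_MAX_PLAINTEXT + TLS12_MAX_EXPANSION)
        return REC_MALFORMED;

    /* Bounds on the plaintext size hidden inside the protected record. */
    uint32_t upper = len < TLS_MAX_PLAINTEXT ? len : TLS_MAX_PLAINTEXT;
    uint32_t lower = len > TLS12_MAX_EXPANSION ? len - TLS12_MAX_EXPANSION : 0;

    if (upper <= max_content_len)
        return REC_FITS;
    return lower > max_content_len ? REC_TOO_LARGE : REC_BORDERLINE;
}

int main(void)
{
    /* Constructed header: application data, TLS 1.2, length 0x4018 = 16408. */
    const uint8_t full[5] = { 0x17, 0x03, 0x03, 0x40, 0x18 };
    printf("4096: %d, 16384: %d\n", classify_record(full, 5, 4096),
           classify_record(full, 5, 16384));
    return 0;
}
```

Run over the record headers in a packet capture of a failing session, a REC_TOO_LARGE verdict at the configured size points to this buffer limit rather than to a certificate or cipher-suite problem.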

Last Reviewed: Tuesday, December 22, 2020