Updated AWS IoT (markdown)

s-hadinger 2019-06-22 11:40:13 +02:00
parent 864fad72fc
commit b152fd277f
1 changed files with 1 additions and 64 deletions

@ -290,67 +290,4 @@ In the "**Subscription topic**" field, type `+/sonoff/#` then click on "**Subscr
Enjoy! Enjoy!
------- ### For implementation details, see [here](TLS)
## Implementation notes
### Memory usage
TLS on Tasmota has been aggresively optimised to use as little memory (heap) as possible. It was also optimized to limit code size.
Memory consumption (nominal):
* BearSSL lib: **1424 bytes** (or 1024 bytes with letsencrypt or regular TLS)
* BearSSL ClientContext: **3440 bytes**
* Buffers (1024 bytes in + 1024 bytes out + overhead): **2528 bytes**
* **Total = 7.4k** (or 7.0k with letsencrypt or regular TLS)
Note: if you use USE_WEBSERVER, your impact is lowered by 2k since the Web log buffer is reduced from 4k to 2k. Overall when activating USE_WEBSERVER, you just see a memory impact of 5.4k.
Memory needed during connection (TLS handshake - fingerprint validation):
* ThunkStack = **5308 bytes** (or **3608 bytes** with letsencrypt or regular TLS)
* DecoderContext = **1152 bytes**
* **Total for connection = 6.5k** (or **4.8k** with letsencrypt or regular TLS)
Memory needed during connection (TLS handshake - full CA validation):
* ThunkStack = **5308 bytes** (or **3608 bytes** with letsencrypt or regular TLS)
* DecoderContext = **3072 bytes**
* **Total for connection = 8.4k** (or **6.7k** with letsencrypt or regular TLS)
### Connection Time
ESP8266 is quite slow compared to modern processors when it comes to SSL handshake. Here are the observed performance to connect to an SSL/TLS server, depending on frequency (80MHz or 160MHz):
AWS IoT Connection, with EC Private Key, simple fingerprint validation:
* **0.7s** at 160MHz
* **1.3s** at 80 MHz
AWS IoT Connection, with EC Private Key, full CA validation (easier to configure than fingerprints):
* **1.0s** at 160MHz
* **1.8s** at 80 MHz
Letsencrypt based server (Mosquitto for ex), simple fingerprint validation:
* **0.3s** at 160MHz
* **0.4s** at 80MHz
Letsencrypt based server (Mosquitto for ex), with full CA validation (easier to configure than fingerprint):
* **0.4s** at 160MHz
* **0.7s** at 80MHz
### TLS Troubleshooting
Here are the common TLS error:
Error code | Description
:--- | :---
| -1002 | Cannot connect to TCP port |
| -1000 | Out of memory error |
| 1 | Bad fingerprint |
| 62 | X509 not trusted, the server certificate is not signed by the CA (AWS IoT or Letsencrypt) |
| 298 | missing client private key |
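Review bot: The one added line, `### For implementation details, see [here](TLS)`, becomes the only pointer to the TLS error-code table removed at the end of this hunk (-1002, -1000, 1, 62, 298), and nothing visible in this commit shows that the `TLS` page already carries that table or the removed memory and connection-time figures. Confirm the target page has that content before this removal lands, or keep the "TLS Troubleshooting" table on this page, since codes 1 (bad fingerprint), 62 (X509 not trusted) and 298 (missing client private key) relate directly to the certificate and key setup this page walks through. As a style point, the added line is a level-3 heading used as a sentence with the link text "here"; a plain sentence with descriptive link text such as "TLS implementation notes" would read better and survive being quoted out of context.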