TLS in OT CLI example

RE: TLS in OT CLI example

Sigurd Hellesvik — Tue, 28 Nov 2023 13:00:45 GMT

Aha, now I understand what is happening! Thanks for the explanation.

As you said, it is probably best to test with different sizes of MBEDTLS_HEAP_SIZE first, and see where that gets you

RE: TLS in OT CLI example

BenFT — Tue, 28 Nov 2023 10:39:13 GMT

We have the OT CLI incorporated with our application/build. The initial task was to see if we could add all the required libraries to the project, check they work (as much with the CLI), to evaluate the required footprint for our final hardware. So our testing of TCP is with the OT CLI within our application.

RE: TLS in OT CLI example

Sigurd Hellesvik — Tue, 28 Nov 2023 10:31:06 GMT

But did TCP work for your application before you added TLS to your application?

RE: TLS in OT CLI example

BenFT — Tue, 28 Nov 2023 09:50:14 GMT

"Can you use TCP alone for your application, where TLS does not work?"

We will be adding MQTT and AWS-IOT libraries next so TLS is required for that.

RE: TLS in OT CLI example

Sigurd Hellesvik — Tue, 28 Nov 2023 09:25:46 GMT

[quote user="BenFT"]Yes, the TCP example works fine. I can use the "ot tcp benchmark" successfully.[/quote]

"ot tcp benchmark" would be for the OT CLI, where TLS works fine, right?
Can you use TCP alone for your application, where TLS does not work?

[quote user="BenFT"]MBEDTLS_HEAP_SIZE[/quote]

Yes, I think it is a good idea to try to alter that. Please list which sizes work and which do not

RE: TLS in OT CLI example

BenFT — Tue, 28 Nov 2023 09:05:11 GMT

nrf/VERSION is 2.4.1
west.yml mostly refers to 2.4.1 the NCS version

Yes, the TCP example works fine. I can use the "ot tcp benchmark" successfully.

One of the things I changed in the config for TLS was that I have reduced the MBEDTLS_HEAP_SIZE as it was massive before and doesn't fit the DK with the other code. I might try altering that.

RE: TLS in OT CLI example

Sigurd Hellesvik — Tue, 28 Nov 2023 08:49:22 GMT

[quote user="BenFT"]

NCS is 2.4.1.

I can't actually see the SDK version - in the nrf directory there is version files but they are for NCS. In fact every mention of version is 2.4.1. This was all loaded with Zephyr and West. If you can tell me a file to look in, I will update.

[/quote]

"git status" inside the nrf folder. Or see nrf/VERSION file.

Have you been able to use TCP without TLS in your project before enabling TLS?

RE: TLS in OT CLI example

BenFT — Fri, 24 Nov 2023 13:57:00 GMT

NCS is 2.4.1.

mbedtls was only pulled in to try to get TLS working.

The sample
samples\net\sockets\echo_client\echo_client\overlay-tls.conf

CONFIG_MAIN_STACK_SIZE=4096

CONFIG_NET_BUF_RX_COUNT=100

CONFIG_NET_BUF_TX_COUNT=100

# TLS configuration

CONFIG_MBEDTLS=y

CONFIG_MBEDTLS_BUILTIN=y

CONFIG_MBEDTLS_ENABLE_HEAP=y

CONFIG_MBEDTLS_HEAP_SIZE=60000

CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=2048

CONFIG_NET_SOCKETS_SOCKOPT_TLS=y

CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=4

CONFIG_NET_SOCKETS_ENABLE_DTLS=y

CONFIG_POSIX_MAX_FDS=8

was used as the basis to add the relevant sub-modules.

RE: TLS in OT CLI example

Sigurd Hellesvik — Fri, 24 Nov 2023 13:22:36 GMT

Hi,

Which version of the nRF Connect SDK do you use?

Can you elaborate a bit on how you have tried to tune the mbedtls settings?

Do you use mbedtls only for tls or also for the crypto?