I'm working with the nrf/samples/net/https_client sample for the nRF9160 and am trying to get a better understanding of using the modem's offloaded TLS capabilities vs. Mbed TLS in the secure environment.
It mentions that there are more configuration options with Mbed TLS, but I can't seem to find much more in the way of details in comparing the two. Specifically, I would like to know:
- Is there a difference in performance (speed)?
- Is there a difference in power consumption?
- Is there a difference in security?
- Is there a difference in memory footprint (both volatile and non-volatile)?
- In which scenarios would one be recommended over the other?
And then regarding provisioning the certificates themselves, I'm not quite clear on which certificate types to provision. For MQTT with mTLS, I have three PEM-encoded files: the CA cert, the client cert, and the client private key. For modem key management, there are the following options:
- MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN
- MODEM_KEY_MGMT_CRED_TYPE_PUBLIC_CERT
- MODEM_KEY_MGMT_CRED_TYPE_PRIVATE_CERT
- MODEM_KEY_MGMT_CRED_TYPE_PSK
- MODEM_KEY_MGMT_CRED_TYPE_IDENTITY
And for Mbed TLS, there are the following options:
- TLS_CREDENTIAL_NONE
- TLS_CREDENTIAL_CA_CERTIFICATE
- TLS_CREDENTIAL_SERVER_CERTIFICATE
- TLS_CREDENTIAL_PRIVATE_KEY
- TLS_CREDENTIAL_PSK
- TLS_CREDENTIAL_PSK_ID
For each of these two sets of options, which enums correspond to each of those three PEM-encoded files that I need to configure?
Thanks!