I have been testing out HTTPS with the http_application_update.
I have been able to successfully setup a TLS 1.2 connection, but I was seeing a lot of "Peer closed connection!" warnings after any request was made over the socket.
Swapping the request from GET to HEAD, resulted in a successful response, but of course the actual content was missing.
Upon further investigation, I found that reducing CONFIG_DOWNLOAD_CLIENT_MAX_TLS_FRAGMENT_SIZE from the default 2048 resolved the issue.
Looking further I found that the maximum total response (header + body/content) cannot be larger than 2303 bytes.
The header size is usually about 300-350 bytes in length, but this varies depending on the number of digits in the Content-Range header, and potentially there may be optional headers which might be included or omitted by any specific server.
I am wondering what the source of this limitation is, and more importantly is this limitation fixed/predictable, or could the maximum size be even lower under other circumstances?
I have seen some articles online about how TLS can be sensitive to packet fragmentation, which suggests this limit might be related to the MTU size (2303 is oddly close to the 802.11 MTU)? However, if this size limit for TLS is based on the MTU size, then it may be difficult to determine the maximum safe size to use. I expect the MTU size might change between network operators, and might even be route specific.
Alternatively, if this limit is related to some buffer size in modem firmware, then I should be able to specify a safe size (with a bit of slack for any variability in the header size).
Running the same application without TLS, I have no issue receiving 4096 byte size fragments of the file.
