tls 1.2 vs 1.3

Discussion to talk about software related topics only.
SeeCwriter
Posts: 614
Joined: Mon May 12, 2008 10:55 am

tls 1.2 vs 1.3

Post by SeeCwriter »

Using v3.3.9 on a MOD5441X. When tls 1.2 is enabled my webpage loads in about 40-seconds, and I had to slow webpage updates/refreshes to every 2-seconds in order to work. When I enable tls 1.3, the webpage takes about 80-seconds to load, but is not able to update/refresh even at a 5-second rate. Everything I've read says that handshaking with tls 1.3 is faster and simpler. Is this normal?
User avatar
TomNB
Posts: 552
Joined: Tue May 10, 2016 8:22 am

Re: tls 1.2 vs 1.3

Post by TomNB »

Something seems wrong there. Try the unmodified ssl web demo example, then compare the differences to your code. Also, make sure you are in release mode, debug mode will be very slow since it can't use fast ram. Can you verify you are in release mode? What are your reload times for the ssl web demo?

Also, I think part of using 1.3 specifies that 1.2 must be disabled (need to verify this). Be sure you don't have to communicate with any devices that are not capable of 1.3 if that is the case.
SeeCwriter
Posts: 614
Joined: Mon May 12, 2008 10:55 am

Re: tls 1.2 vs 1.3

Post by SeeCwriter »

I only use release mode. I haven't used debug mode in years.
With tls 1.3 enabled, the ssl web demo example loads its webpage in 10-15 seconds. But it's loading less than 20k of data. My webpage contains 1.2MB of data consisting of html files, images, icons, and javascript files.
I haven't tried tls 1.2. And you are correct that when tls 1.3 is enabled that 1.2 is disabled.
User avatar
TomNB
Posts: 552
Joined: Tue May 10, 2016 8:22 am

Re: tls 1.2 vs 1.3

Post by TomNB »

Hello,

1.2MB is a pretty hefty web page for an embedded device. What is the total used by images?

What are you using for the certificate? RSA is very slow, ECC much faster.

We have noticed a slow down in tls 1.3 with the latest wolf upgrade that is in 3.3.9. We are looking into that, but it will take a few weeks. I would stay with 1.2 if possible until we have those results.

With regard to tls 1.2 being disabled, here is the line in predef.h to enable 1.3:
//#define SSL_TLS_1_3_SUPPORT (1) // Enable support for TLS v1.3, disables support for TLS v1.2

So 1.2 is disabled when using 1.3.
SeeCwriter
Posts: 614
Joined: Mon May 12, 2008 10:55 am

Re: tls 1.2 vs 1.3

Post by SeeCwriter »

I mistakenly included some backup files in the total. The real webpage size is 625kB. Images are 89k, html is 162k, and javascript are 375k. I am using a self-generated ECC cert.
Would using websockets improve webpage loading?
User avatar
TomNB
Posts: 552
Joined: Tue May 10, 2016 8:22 am

Re: tls 1.2 vs 1.3

Post by TomNB »

Hello,

What key size are you using?

As previously mentioned, we have identified a speed issue with 3.3.9 and tls 1.3. Can you confirm the numbers you are now providing are for tls 1.2 and tls 1.3 is not enabled?
SeeCwriter
Posts: 614
Joined: Mon May 12, 2008 10:55 am

Re: tls 1.2 vs 1.3

Post by SeeCwriter »

I don't know what the key size is. I'm using whatever the self-generating cert produces. This is from predef.h that I'm using:

Code: Select all

#ifdef NB_SSL_SUPPORTED
#define SSL_TLS_SUPPORT (1)
#define WEB_CLIENT_SSL_SUPPORT (1)
#define SSL_DEFAULT_MAX_SESSION_AGE_TICKS (3600 * TICKS_PER_SECOND)   // 1 Hour
#define TLS_CACHE_PEER_CERT_VALIDATIONS (1)
#define ENABLE_ED25519 (1)
//#define SSL_TLS_1_3_SUPPORT (1) // Enable support for TLS v1.3, disables support for TLS v1.2
#define ENABLE_AUTOCERT_REGEN (1) // Enable if autogenerated certificates should renew automatically when expired
#ifdef ENABLE_AUTOCERT_REGEN
#define AUTO_CERT_GEN_CHECK (60 * TICKS_PER_SECOND)   // Every min
#endif

// Used to enable more robust ECC curves, at the expense of handshake speed
//#define ENABLE_ECC384 (1)
//#define ENABLE_ECC521 (1)

// Used to enable RSA 4K Keys
//#define ENABLE_RSA_4K (1)
#endif
I also commented out line 376 in file user_settings.h for the MOD54415 to ensure only ECC was used, which is:

Code: Select all

//#define ENABLE_RSAKEY_CREATE   // Custom define, maybe should move to predef?
User avatar
TomNB
Posts: 552
Joined: Tue May 10, 2016 8:22 am

Re: tls 1.2 vs 1.3

Post by TomNB »

Hello,

After further testing, we have noticed the speed has decreased from release 3.3.8 to 3.3.9, as the new wolfSSL version 5.5 have different optimizations. We are working on a 3.4.0 release for mid to late March.
SeeCwriter
Posts: 614
Joined: Mon May 12, 2008 10:55 am

Re: tls 1.2 vs 1.3

Post by SeeCwriter »

Thank you for the update.
User avatar
TomNB
Posts: 552
Joined: Tue May 10, 2016 8:22 am

Re: tls 1.2 vs 1.3

Post by TomNB »

Something else I have noticed on my system. With BitDefender installed, it does it's own certificate check, and I see a bit defender cert, not just the netburner autogenerated cert. Looking into it now, but I think actually goes out and does it's own check in it's cloud database check, which takes more time. I've attached cert screen shots from firefox showing bit defender enabled vs disabled. Only a sample size of 1, but in my tests takes a lot longer when bitdefender is involved. I think that is what they call their zero-day attack feature.
Attachments
bitdefendercert.png
bitdefendercert.png (23.1 KiB) Viewed 11982 times
nbcert.png
nbcert.png (34.39 KiB) Viewed 11982 times
Post Reply