espressif / esp-idf

Espressif IoT Development Framework. Official development framework for Espressif SoCs.
Apache License 2.0

Optimising MbedTLS for size and incorrect KCONFIG explanations (IDFGH-13186) #14126

Closed ammaree closed 2 days ago

ammaree commented 3 days ago


General issue report

Moving from IDF 5.0 to Master, we have run into problems: our application does not fit into a 1MB partition anymore. In the process we tried to optimise the MbedTLS config to only support a minimal subset of cipher suites, and using the suites supported by the hosts we need to access, we found that the following 2 protocols are common: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.

We are using HTTPS only for a client connection to upload coredump info (very irregular) as well as to do IP geolocation to determine timezone and related info (very, very irregularly).

Whilst going through all the options for MbedTLS (only v1.2 required) in SDKCONFIG, we found the same information/description for 4 different options: [screenshot attached to the original issue]

Questions we have are:

a) Can we assume the option descriptions (1st line of each one) are correct and the text in the additional info (2nd line) is incorrect?

b) If not, can we please have more info so as to be able to ensure a working config?

c) Since the HTTPS client is used very seldom, speed is not a major concern for us. Most important is a) to minimise code size and b) stack and/or heap usage. Any suggestions for the optimal config to meet the requirement for the 2 specific cipher suites, TLS 1.2 only, client only?

All help appreciated.

mahavirj commented 3 days ago

@ammaree

Can we assume option descriptions (1st line of each one) is correct and text in additional info (2nd line) is incorrect?

Yes. I have raised an internal fix to correct the additional info text.

For size optimization of the mbedTLS library, please refer to this guide.

For reducing the heap usage, you may consider enabling dynamic buffer feature (supported with only TLS 1.2) as per this guide.
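A constructed sdkconfig.defaults fragment for the configuration asked about in the question (TLS 1.2 only, client only, just the two ECDHE-RSA AES-GCM suites) together with the heap options the answer points to. It is added here as an illustration and is not taken from the issue or from the esp-idf documentation; the CONFIG_MBEDTLS_* names are assumed from the IDF 5.x mbedTLS Kconfig and should be confirmed in menuconfig, and the ECDSA line is a deliberate caveat rather than a size saving.

```kconfig
# Constructed sdkconfig.defaults fragment (not from the issue or the esp-idf docs).
# Target: TLS 1.2 client only, suites TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and
# TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. Option names are assumed from the
# IDF 5.x mbedTLS Kconfig; confirm each under idf.py menuconfig -> Component config -> mbedTLS.

# --- Protocol surface: TLS 1.2, client role, no renegotiation, no DTLS ---
CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y
# CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 is not set
# CONFIG_MBEDTLS_SSL_PROTO_DTLS is not set
CONFIG_MBEDTLS_TLS_CLIENT_ONLY=y
# CONFIG_MBEDTLS_SSL_RENEGOTIATION is not set

# --- Key exchange: keep only ECDHE-RSA; every other method is dead code here ---
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA=y
# CONFIG_MBEDTLS_KEY_EXCHANGE_RSA is not set
# CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA is not set
# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA is not set
# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA is not set
# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA is not set
# CONFIG_MBEDTLS_KEY_EXCHANGE_PSK is not set
# CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK is not set
# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK is not set
# CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK is not set

# --- Curves: P-256 and P-384 cover both suites and common server preferences ---
CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=y
# CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED is not set

# --- Record protection: AES-GCM only; SHA-384 for the second suite comes from the
# SHA-512 module (if your IDF shows a separate SHA384 option, keep it enabled too) ---
CONFIG_MBEDTLS_GCM_C=y
CONFIG_MBEDTLS_SHA512_C=y
# CONFIG_MBEDTLS_CCM_C is not set
# CONFIG_MBEDTLS_CHACHA20_C is not set
# CONFIG_MBEDTLS_POLY1305_C is not set
# CONFIG_MBEDTLS_CHACHAPOLY_C is not set

# --- Certificate verification: ECDHE-RSA needs an RSA leaf, but intermediates may be
# ECDSA-signed. Disable ECDSA only after checking the real chains of every host;
# a wrong guess fails verification outright, it does not silently downgrade ---
CONFIG_MBEDTLS_ECDSA_C=y

# --- Heap: dynamic buffers (TLS 1.2 only) and a smaller outgoing record buffer;
# leave the incoming side at its 16384 default unless every server honours max_fragment_length ---
CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA=y
CONFIG_MBEDTLS_DYNAMIC_FREE_CA_CERT=y
CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=2048
```

After applying it, run a handshake against each real host and compare the flash size reported by idf.py size-components before and after, since Kconfig dependencies can silently re-enable an option you turned off.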