Topic: 18 seconds to Key Exchange...?
I am using version 4.7 in a TI SYSBIOS RTOS environment, running on an A8 am335x MCU.
A TCP/IP socket server is running in the device. I am connecting to it with a chrome browser.
The server in the ARM device has self signed certificates. So naturally the browser gives a prompt and warning.
When using a 2048 bit cert key, the page appears within 1/2 second.
When using a 4096 bit key, it takes 18 seconds. (Actually it take more because apparently, the browser is failing and reconnecting... so it is really 38 seconds).
It is even sucking all the MCU time from the TI RTOS tasks, as nothing else runs while it is doing whatever this math is.
I have tried many of these settings in this thread, https://www.wolfssl.com/forums/post5516.html#p5516
however nothing budges.
Currently, the settings I have defined are:
#define USE_FAST_MATH #define ALT_ECC_SIZE #define OPENSSL_EXTRA /* */ // From the "settings.h" #define FP_MAX_BITS 8192 /* Increase for 4096 bit key */ #define USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_4096 #define HAVE_ECC #define HAVE_ALPN #define USE_WOLF_STRTOK /* use with HAVE_ALPN */ #define HAVE_TLS_EXTENSIONS #define HAVE_AESGCM // Speed up tests #define WOLFSSL_SP_DH #define WOLFSSL_HAVE_SP_ECC // New settings, trying to get client to connect #define WOLFSSL_AES_256 #define RSA_LOW_MEM #define WOLFSSL_SHA384 #define WOLFSSL_SHA512 #define NO_PSK #define HAVE_AESGCM #define ECC_USER_CURVES #define ECC_SHAMIR #define WOLFSSL_RIPEMD #define HAVE_EXTENDED_MASTER
I also have wireshark traces for both certificates (2048 = okay, 4096 = SLOW). They are zipped and attached.
(IP ...93 is the server, IP ...111 is my browser laptop connecting to it)
Any advice appreciated.
<Code shown is not to scale>