Many of our customers use the wolfSSL lightweight SSL/TLS package in M2M applications where usage is charged based on data transfer. As such, it becomes important to minimize data transfer rates when running SSL. Here are a few thoughts on how wolfSSL M2M users can minimize data packet overhead when implementing our embedded SSL:
1) Use a stream cipher like RC4, HC-128, or RABBIT. Stream ciphers don`t require padding, this will save at least half the cipher`s block size per message.
2) Use session resumption as much as possible. TLS session resumption uses less round trips and about 1/3 of the data compared to a full handshake, depending on certificate sizes and the certificate chain length mainly. wolfSSL now has a built-in client session cache so using session resumption no longer places a burden on the application developer to map remote servers with session instances.
3) Only sending the peer certificate instead of certificate chains can greatly reduce the data usage of a full TLS handshake. This will require the receiver to know about the root CAs and intermediate CAs ahead of time but it can often be worth it.
4) Use the shortest MAC you can, but still with good security. This is probably SHA1 for now. As more implementations begin to support truncated HMAC you could have the best of both. SHA-384 for example, but truncated to 10 bytes.
5) Group output messages. wolfSSL has the ability to send each TLS record individually or to send each group as flight. This is a small savings, mainly in IP/TCP/TLS record headers but it adds up over time.
6) Use compression at the TLS level if you`re not doing it at the application level. No sense in doing it twice though.