BearSSL_Sessions.ino does not demonstrate faster connection with session #8505
Comments
|
@DarioGHub |
|
Ok, using Arduino IDE, chose tools > CPU Frequency: 160 MHz, then recompiled sketch. Generally sped up connections by about 30 percent, but still without a noticeably difference when using a session. Connecting without sessions...Trying: api.github.com:443... Maybe I'm expecting too much. Is 50 ms the 'faster' connection to be demonstrated by using sessions in this example? |
|
@DarioGHub |
|
Hm, DarioGHub wrote in his initial post: |
|
Dear @fsommer1968 , yes I have see the first link in initial post, but my request is to see true code in use. |
|
Eliminated a couple of possible reasons for lack of faster connection with session by using Arduino IDE to enable/disable debugging. Does user code have to tell the library to reuse the session on subsequent connections? Actual code was as follows: // Example of using SSL sessions to speed up SSL connection initiation
//
// September 2018 by Earle F. Philhower, III
// Released to the public domain
#include <ESP8266WiFi.h>
#include <time.h>
#include "certs.h"
#ifndef STASSID
#define STASSID "A28"
#define STAPSK "passout"
#endif
const char *ssid = STASSID;
const char *pass = STAPSK;
const char *path = "/";
void setup() {
Serial.begin(115200);
Serial.println();
Serial.println();
Serial.printf("Connecting to %s\n", ssid);
WiFi.mode(WIFI_STA);
WiFi.begin(ssid, pass);
while (WiFi.status() != WL_CONNECTED) {
delay(500);
Serial.print(".");
}
Serial.println("\nConnected");
Serial.println("IP Address: ");
Serial.println(WiFi.localIP());
// Set up time to allow for certificate validation
configTime(3 * 3600, 0, "pool.ntp.org", "time.nist.gov");
Serial.print("Waiting for NTP time sync: ");
time_t now = time(nullptr);
while (now < 8 * 3600 * 2) {
delay(500);
Serial.print(".");
now = time(nullptr);
}
Serial.println("");
struct tm timeinfo;
gmtime_r(&now, &timeinfo);
Serial.print("Current time: ");
Serial.print(asctime(&timeinfo));
}
// Try and connect using a WiFiClientBearSSL to specified host:port and dump HTTP response
void fetchURL(BearSSL::WiFiClientSecure *client, const char *host, const uint16_t port, const char *path) {
if (!path) { path = "/"; }
Serial.printf("Trying: %s:443...", host);
client->connect(host, port);
if (!client->connected()) {
Serial.printf("*** Can't connect. ***\n-------\n");
return;
}
Serial.printf("Connected!\n-------\n");
client->write("GET ");
client->write(path);
client->write(" HTTP/1.0\r\nHost: ");
client->write(host);
client->write("\r\nUser-Agent: ESP8266\r\n");
client->write("\r\n");
uint32_t to = millis() + 5000;
if (client->connected()) {
do {
char tmp[32];
memset(tmp, 0, 32);
int rlen = client->read((uint8_t *)tmp, sizeof(tmp) - 1);
yield();
if (rlen < 0) { break; }
// Only print out first line up to \r, then abort connection
char *nl = strchr(tmp, '\r');
if (nl) {
*nl = 0;
Serial.print(tmp);
break;
}
Serial.print(tmp);
} while (millis() < to);
}
client->stop();
Serial.printf("\n-------\n\n");
}
void loop() {
uint32_t start, finish;
BearSSL::WiFiClientSecure client;
BearSSL::X509List cert(cert_DigiCert_High_Assurance_EV_Root_CA);
Serial.printf("Connecting without sessions...");
start = millis();
client.setTrustAnchors(&cert);
fetchURL(&client, github_host, github_port, path);
finish = millis();
Serial.printf("Total time: %dms\n", finish - start);
BearSSL::Session session;
client.setSession(&session);
Serial.printf("Connecting with an uninitialized session...");
start = millis();
client.setTrustAnchors(&cert);
fetchURL(&client, github_host, github_port, path);
finish = millis();
Serial.printf("Total time: %dms\n", finish - start);
Serial.printf("Connecting with the just initialized session...");
start = millis();
client.setTrustAnchors(&cert);
fetchURL(&client, github_host, github_port, path);
finish = millis();
Serial.printf("Total time: %dms\n", finish - start);
Serial.printf("Connecting again with the initialized session...");
start = millis();
client.setTrustAnchors(&cert);
fetchURL(&client, github_host, github_port, path);
finish = millis();
Serial.printf("Total time: %dms\n", finish - start);
delay(10000); // Avoid DDOSing github
} |
|
@DarioGHub Basic SSL ciphers. |
|
Thanks @Bighoneypot for testing. What conclusion do you draw from the above results? |
|
@DarioGHub |
|
You are not seeing a difference because you're not actually connecting with the same HTTPS server. Changing the URL to a machine I own which is not behind a load balancer (www.ziplabel.com, also need to update the cert or use |
|
Thank you @earlephilhower for your many contributions, and pointing out the limitation of sessions when used against multiple servers masquerading as one, and the limitation of my imagination. In hindsight, of course I should not have relied so much on the example, and changed the host just like we change passwords. Does a note to this effect belong in the example? |
|
Fair enough, @DarioGHub . I've got a PR in with a connection to the ESP8266.com forum which shows a 50% speedup consistently, with some comments in the INO about the limits of sessions. |
Basic Infos
Platform
Settings in IDE
Example sketch does not demonstrate faster connection when "Connecting again with the initialized session..."
MCVE https://github.com/esp8266/Arduino/blob/master/libraries/ESP8266WiFi/examples/BearSSL_Sessions/BearSSL_Sessions.ino
Serial output:
Connecting without sessions...Trying: api.github.com:443...BSSL:_connectSSL: start connection...
Total time: 2786ms
Connecting with an uninitialized session...Trying: api.github.com:443...BSSL:_connectSSL: start connection...
Total time: 2681ms
Connecting with the just initialized session...Trying: api.github.com:443...BSSL:_connectSSL: start connection...
Total time: 2675ms
Connecting again with the initialized session...Trying: api.github.com:443...BSSL:_connectSSL: start connection...
Total time: 3137ms
The text was updated successfully, but these errors were encountered: