SSL certificate size
igrr opened this issue
From @tijnkooijmans on March 17, 2016 10:6
Is there any limit to the SSL certificate size in axTLS?
I'm using WiFiClientSecure and when I have a fully-chained certificate (6 kb) on the server the connection gets refused (error -1), while if the server only uses the non-chained certificate (1.8 kb) there is no problem.
I have 30 kb heap available when making the SSL connection so it's no memory issue.
Thanks in advance for looking into this!
Copied from original issue: esp8266/Arduino#1788
Could you please advise how to reproduce this? What server URL should I use for non-chained certificate and fully-chained certificate?
From @tijnkooijmans on March 17, 2016 10:52
Thanks for your super-fast response! This is the one without chain:
brokerstagingdev.minibrew.io
This is the one with chain:
brokerstaging.minibrew.io
Okay, this is what seems to be happening... In order to reduce memory pressure during the handshake, we allocate a smaller TLS fragment buffer (~6kb) than per spec (16kb). Then when the connection is established, we allow this buffer to grow as required. I will check if we can allow this buffer to grow during the handshake, i.e. whether it will fit into RAM.
From @tijnkooijmans on March 17, 2016 11:33
Great, thanks! Looking forward to testing if you can make this work.
Did you get a chance to look into this? Thanks!
Should be fixed in the latest version.
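The fragment buffer explanation earlier in this thread can be checked against a server before deploying a chain. The following is an added example, not part of the thread and not axTLS code: it computes the size of a TLS 1.2 Certificate message from DER certificate sizes and finds the largest record declared in a captured handshake. The 6144-byte `HANDSHAKE_BUF`, the certificate sizes, the capture bytes and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_MAX_FRAGMENT 16384u /* record fragment limit per spec (2^14) */
#define HANDSHAKE_BUF    6144u  /* assumption: stands in for the "~6kb" buffer */

/* TLS 1.2 Certificate message: 4-byte handshake header, 3-byte list length,
 * then a 3-byte length prefix before each DER certificate. */
size_t cert_msg_size(const size_t *der_len, size_t n) {
    size_t total = 4 + 3;
    for (size_t i = 0; i < n; i++)
        total += 3 + der_len[i];
    return total;
}

/* Walk captured TLS records (header: type, version[2], length[2]) and return
 * the largest declared fragment length, or -1 on a malformed header.
 * A final record cut short by the capture still counts: its header already
 * says how much buffer the receiver needs. */
long largest_fragment(const uint8_t *p, size_t len) {
    long max = 0;
    size_t off = 0;
    while (off < len) {
        if (len - off < 5) return -1;            /* truncated header */
        size_t frag = ((size_t)p[off + 3] << 8) | p[off + 4];
        if (p[off] < 20 || p[off] > 23 || frag > TLS_MAX_FRAGMENT) return -1;
        if ((long)frag > max) max = (long)frag;
        if (frag > len - off - 5) break;         /* capture ends mid-record */
        off += 5 + frag;
    }
    return max;
}

int fits(size_t need, size_t buf) { return need <= buf; }

int main(void) {
    /* Constructed sizes: a lone 1.8 kB leaf, then the same leaf plus two
     * intermediates, about 6 kB of DER in total. */
    size_t leaf[] = {1800}, chain[] = {1800, 2200, 2300};
    /* Constructed capture: a 2-byte handshake record, then the header of a
     * handshake record declaring 0x18B0 (6320) bytes. */
    uint8_t cap[] = {22, 3, 3, 0, 2, 0xAA, 0xBB, 22, 3, 3, 0x18, 0xB0};
    printf("leaf msg %zu, chain msg %zu, buffer %u\n",
           cert_msg_size(leaf, 1), cert_msg_size(chain, 3), HANDSHAKE_BUF);
    printf("largest record in capture: %ld\n", largest_fragment(cap, sizeof cap));
    return 0;
}
```

A server may pack ServerHello, Certificate and ServerHelloDone into one record, so the record length seen on the wire can exceed the Certificate message size computed here.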