Hello,
I decreased file upload time from 15 min to 7 min using the 3.6.2 I think enabling the define MBEDTLS_GCM_LARGE_TABLE.
Anyway there is still a difference respect to 2.16.2 version that is taking 4 min to transfer the same amount of data. And without https it takes only 1m 30s.
I am trying to use the same configuration between 2.16.2 and 3.6.2 version (attached), in particular the same chiper suite:
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
any other suggestion ?
Why this difference between 2.16.2 and 3.6.2 ?
Thank you
Il giorno mer 22 gen 2025 alle ore 21:47 Stefano Tebaldi steteb@gmail.com ha scritto:
I don't know if it can help, anyway I am using TLS 1.2 and certificate is Elliptic Curve secp256r1
Il giorno mer 22 gen 2025 alle ore 20:07 Stefano Tebaldi steteb@gmail.com ha scritto:
Hello,
thank you.
sorry, my previous mbedTLS version was 2.16.2 not 2.6.2.
I suspect the new version is using a different algorithm to encrypt data. Where can I check it ? What is the part of mbedTLS code that implements that ?
I don't think before it was using hardware, I didn't configure the library to do that or I didn't do anything to do that. I think the new version is probably using a different algorithm that is slower.
my config files can be opened with a text editor like notepad, I simply rename them.
Il giorno mar 21 gen 2025 alle ore 20:28 Michael Richardson < mcr@sandelman.ca> ha scritto:
Stefano Tebaldi via mbed-tls mbed-tls@lists.trustedfirmware.org wrote: > I recently updated mbedTLS library version 2.6.2 to 3.6.2. I am using the > library to add https to Mongoose web server on a STM32H753 with FreeRTOS + > LWIP.
I would start by checking on your server side logs (might need debug logs) to see what algorithms were negotiated. Are they the same?
> 2.6.2 was generated in a IAR project using STMCubeMX. > What I am noticing is that file transfer performance has gottenmuch worse. > With version 2.6.2 it took a few minutes to transfer a file of around 33 > MB, now with version 3.6.2 it takes around 15 min. What could this depend > on? Attached is the configuration used for the two versions. The > certificate for https is EC curve secp256r1.
My guess is that you were formerly benefitting from accelerated symmetric cipher and now you are not. Either because 3.x was not configured to use the hardware, or because a different cipher was selected which is not accelerated.
(I didn't look at your configs. Maybe you should use text/plain for a configuration, not octet-stream)