Hello,
Our devices are connecting to AWS IoT Core.
Recently we had few customers with poor connection complaining
that the device didn't reconnect.
We are using ARM Keil MDK 8.1.0 + mbed TLS 3.6.4.
On Wireshark logs we have identified 2 errors:
- close notify from server after client hello
- bad certificate or unknown CA from client after server hello
The
device was stuck on one of these errors and only a reboot would
fix it.
I think these 2 errors are not related.
On detail analysis for the first error, we saw that the cipher
suites list was missing and that was the reason for close notify
from server.
Looking at the TLS code saw that the list is being created only
one time after reboot.
So in ssl_ciphersuites.c just commented out supported_init = 1 and
now seems to be good.
I do not know the reason why the list was lost during runtime.
For the second error, we were able to reproduce the problem quite
consistently.
Some logs at IoT client code showed that somehow the TLS lost the
ability to parse properly the server certificates.
I believe that this was some memory allocation problem, so I've
configured the mbed TLS to get allocation from a separate buffer
and that seems to fix the problem.
This buffer has to be quite large, 56k size. Any smaller size
would return memory allocation failure.
Any reason why it has to be so big?
Just want to know if someone had before these issues and if I can
lower the buffer.
Let me know if you need extra details about the problems.
Thank you and regards,
Milo
--
 |
Milorad Podoaba
Firmware
System Engineer
Arrowhead
Alarm Products Ltd.
|
|
|
|
|
|
|
|
|
|
--