Hi,
The packet size limitations can be accommodated by using the Maximum Fragment Length extension (https://tools.ietf.org/html/rfc6066#section-4, enabled by MBEDTLS_SSL_MAX_FRAGMENT_LENGTH in Mbed TLS). In Mbed TLS this is only implemented for application data and DTLS handshake messages so far, and therefore you will need to use DTLS. Also the negotiation is driven by the client and it needs to be enabled both on the server and on the client.
(See the documentation of mbedtls_ssl_conf_max_frag_len() for more details.)
I hope that helps, Janos
From: mbed-tls mbed-tls-bounces@lists.trustedfirmware.org on behalf of "Fatima, Fariya via mbed-tls" mbed-tls@lists.trustedfirmware.org Reply to: "Fatima, Fariya" Fariya.Fatima@Carrier.com Date: Tuesday, 23 June 2020 at 11:47 To: "mbed-tls@lists.trustedfirmware.org" mbed-tls@lists.trustedfirmware.org Subject: Re: [mbed-tls] BLE and Mbed TLS
Hi,
Can anyone help if mbedTLS TLS/DTLS code would work on top of BLE (specifically SPP). I am not sure if the packet size limitation on SPP would make TLS work.. any pointers anyone? Would be really helpful.
Regards, Fariya
From: Fatima, Fariya Sent: Monday, June 15, 2020 9:21 AM To: 'mbed-tls@lists.trustedfirmware.org' mbed-tls@lists.trustedfirmware.org Subject: BLE and Mbed TLS
Hi,
I wanted to use TLS over BLE application. When I googled, I figured out that MbedTLS can work on BLE. If someone can share a sample application where-in MbedTLS APIs are used as part of a BT/BLE application, it will be of great help.
Regards, Fariya
Hi,
I see the MBEDTLS_SSL_MAX_FRAGMENT_LENGTH can be defined to be either 512, 1024, 2048 or 4096. Can this be modified to like 256 as well? Any idea?
Regards, Fariya
From: Janos Follath [mailto:Janos.Follath@arm.com] Sent: Tuesday, June 23, 2020 4:53 PM To: Fatima, Fariya Fariya.Fatima@Carrier.com; mbed-tls@lists.trustedfirmware.org Subject: [External] Re: [mbed-tls] BLE and Mbed TLS
Hi,
The packet size limitations can be accommodated by using the Maximum Fragment Length extension (https://tools.ietf.org/html/rfc6066#section-4https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc6066-23section-2D4&d=DwMGaQ&c=ilBQI1lupc9Y65XwNblLtw&r=jYpVtyApDXCU-5AUYFvZm54HyKeP1WugSx3j-F5hJxc&m=ZTXJ4lfeBuLgeFEuxRnC0jpf2xJTJFjU3-0QGgwJdyo&s=0Q-72jHUbvInM4q8R1E5dGfoGqTnK58fwwmqi9b25Bs&e=, enabled by MBEDTLS_SSL_MAX_FRAGMENT_LENGTH in Mbed TLS). In Mbed TLS this is only implemented for application data and DTLS handshake messages so far, and therefore you will need to use DTLS. Also the negotiation is driven by the client and it needs to be enabled both on the server and on the client.
(See the documentation of mbedtls_ssl_conf_max_frag_len() for more details.)
I hope that helps, Janos
From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.orgmailto:mbed-tls-bounces@lists.trustedfirmware.org> on behalf of "Fatima, Fariya via mbed-tls" <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Reply to: "Fatima, Fariya" <Fariya.Fatima@Carrier.commailto:Fariya.Fatima@Carrier.com> Date: Tuesday, 23 June 2020 at 11:47 To: "mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org" <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Subject: Re: [mbed-tls] BLE and Mbed TLS
Hi,
Can anyone help if mbedTLS TLS/DTLS code would work on top of BLE (specifically SPP). I am not sure if the packet size limitation on SPP would make TLS work.. any pointers anyone? Would be really helpful.
Regards, Fariya
From: Fatima, Fariya Sent: Monday, June 15, 2020 9:21 AM To: 'mbed-tls@lists.trustedfirmware.org' <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Subject: BLE and Mbed TLS
Hi,
I wanted to use TLS over BLE application. When I googled, I figured out that MbedTLS can work on BLE. If someone can share a sample application where-in MbedTLS APIs are used as part of a BT/BLE application, it will be of great help.
Regards, Fariya
Hi,
No, unfortunately 512 is the smallest that this extension can do. This is one of the limitations of the maximum fragment length extension. To address all the shortcomings a new extension called Record Size Limit (RFC 8449) was proposed. This can set the limit to anything between 64 and 64k. The record size limit extension is not implemented in Mbed TLS yet.
Regards, Janos
From: "Fatima, Fariya" Fariya.Fatima@Carrier.com Date: Tuesday, 23 June 2020 at 12:32 To: Janos Follath Janos.Follath@arm.com, "mbed-tls@lists.trustedfirmware.org" mbed-tls@lists.trustedfirmware.org Subject: RE: [mbed-tls] BLE and Mbed TLS
Hi,
I see the MBEDTLS_SSL_MAX_FRAGMENT_LENGTH can be defined to be either 512, 1024, 2048 or 4096. Can this be modified to like 256 as well? Any idea?
Regards, Fariya
From: Janos Follath [mailto:Janos.Follath@arm.com] Sent: Tuesday, June 23, 2020 4:53 PM To: Fatima, Fariya Fariya.Fatima@Carrier.com; mbed-tls@lists.trustedfirmware.org Subject: [External] Re: [mbed-tls] BLE and Mbed TLS
Hi,
The packet size limitations can be accommodated by using the Maximum Fragment Length extension (https://tools.ietf.org/html/rfc6066#section-4https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc6066-23section-2D4&d=DwMGaQ&c=ilBQI1lupc9Y65XwNblLtw&r=jYpVtyApDXCU-5AUYFvZm54HyKeP1WugSx3j-F5hJxc&m=ZTXJ4lfeBuLgeFEuxRnC0jpf2xJTJFjU3-0QGgwJdyo&s=0Q-72jHUbvInM4q8R1E5dGfoGqTnK58fwwmqi9b25Bs&e=, enabled by MBEDTLS_SSL_MAX_FRAGMENT_LENGTH in Mbed TLS). In Mbed TLS this is only implemented for application data and DTLS handshake messages so far, and therefore you will need to use DTLS. Also the negotiation is driven by the client and it needs to be enabled both on the server and on the client.
(See the documentation of mbedtls_ssl_conf_max_frag_len() for more details.)
I hope that helps, Janos
From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.orgmailto:mbed-tls-bounces@lists.trustedfirmware.org> on behalf of "Fatima, Fariya via mbed-tls" <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Reply to: "Fatima, Fariya" <Fariya.Fatima@Carrier.commailto:Fariya.Fatima@Carrier.com> Date: Tuesday, 23 June 2020 at 11:47 To: "mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org" <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Subject: Re: [mbed-tls] BLE and Mbed TLS
Hi,
Can anyone help if mbedTLS TLS/DTLS code would work on top of BLE (specifically SPP). I am not sure if the packet size limitation on SPP would make TLS work.. any pointers anyone? Would be really helpful.
Regards, Fariya
From: Fatima, Fariya Sent: Monday, June 15, 2020 9:21 AM To: 'mbed-tls@lists.trustedfirmware.org' <mbed-tls@lists.trustedfirmware.orgmailto:mbed-tls@lists.trustedfirmware.org> Subject: BLE and Mbed TLS
Hi,
I wanted to use TLS over BLE application. When I googled, I figured out that MbedTLS can work on BLE. If someone can share a sample application where-in MbedTLS APIs are used as part of a BT/BLE application, it will be of great help.
Regards, Fariya
mbed-tls@lists.trustedfirmware.org
-
Fatima, Fariya -
Janos Follath