Michael and anyone else who's game: I now have an updated mongoose-wolfssl branch ready to be tested.

The reason for the 90-second lockup mentioned in the previous post is a whole lot of math for a prime-number validation that's part of the Diffie-Hellman step. It was actually 87 seconds for Mark's server and 28 seconds for Michael's due to differences in certificates. That prime-number validation is required for FIPS compliance, which WolfSSL supports, but we don't need it. I spent quite a while digging into this to find where the process was getting stuck. Finally I got help from WolfSSL support suggesting a configuration option that avoids this extra check.

So now I have an implementation using mongoose with wolfssl that connects successfully to both servers with a 3-4 second delay. (I don't recall what the delay was for the MBEDTLS-based implementation.) I think the memory usage looks OK. I still have not taken any steps to reduce any resources used by the MBEDTLS code as accessed for other purposes. Included in the debugging was another version update on the Wolf code to wolfssh 1.4.6 and wolfssl 4.7.0.

-- Steve

On Wed, 3 Mar 2021, Stephen Casner wrote:
Mark,
Thanks. That fix avoids the signature error. I still have the problem that the TLS handshake gets only part way through and then the network task gets locked up for 90 seconds. It's not always in the same place in the log, but since ~100 log messages get lost when this occurs, I can't be sure where it happens. It could be a timing dependency between a couple of events such that in some circumstances a blocking operation is executed.
-- Steve