1 Topic by ajaygargnsit (edited by ajaygargnsit 2017-11-23 11:33:13)

  • Registered: 2017-11-14
  • Posts: 21

Topic: [SOLVED] Which cipher-suite has lowest memory requirement?

Hi All.

We are trying to integrate wolfSSL in our framework, so that the framework is easy to integrate with ANY system.
For whatever device/system we port our framework for, the device/system will connect to our proprietary server only.

Now, assuming our server supports all cipher-suites/encryption-algorithms, which cipher-suite/encryption-algorithm (on the device/system) will generally have the lowest memory-requirements (mainly applicable during wolfSSL_connect stage)? I ask this, because if a particular cipher-suite/encryption-algorithm does have the lowest memory-requirements as compared to others (and provided our server supports that cipher-suite/encryption-algorithm), then we would enable ONLY that cipher-suite/encryption-algorithm in our framework (thus enabling minimum memory requirement across all devices/systems).


Sorry if I am asking a stupid question.


Thanks and Regards,
Ajay

Share

  • Registered: 2017-11-14
  • Posts: 21

Re: [SOLVED] Which cipher-suite has lowest memory requirement?

Hi All.

Sorry for the stupid questions, but the reason I ask is because the step 2) as per https://www.ibm.com/support/knowledgece … 10660_.htm , requires about 17 KB (16384 bytes to be exact) for server-digital-certificate exchange .

Above is fine for OSes like Ubuntu, but on SOCs running FreeRTOS+Lwip, this means ::

* At least 17 KB of RAM/Heap in user-space
* At least #define TCP_MSS 17000 in lwipopts.h


So, not feasible.


So, if I may frame my question more appropriately,

Does TLS always require an exchange of server-digital-certificate, or there are certain cipher-suites which do not require this server-digital-certificate exchange (in context of wolfSSL)?


Again, kindly forgive this noob for asking such basic questions.


Thanks and Regards,
Ajay

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: [SOLVED] Which cipher-suite has lowest memory requirement?

Hi ajay,

PSK cipher suites will always use less resources due to the fact they do not need to send and process certificates for peer verification.

ECC cipher suites (ECDSA) would be the next smallest and then RSA the largest.

Here are some quick tests I ran with our example client/server. Pay attention to the "PEAK BYTES". The top results are the server-side usage and the bottom are the client-side usage in each sub-section.

Let me know if you have any other questions on these!

testing cipher suite DHE-PSK-AES256-GCM-SHA384 -s
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
SSL DH size is 2048 bits
Client message: hello wolfssl!
total   Allocs   =        40
total   Deallocs =        40
total   Bytes    =     14294
peak    Bytes    =      8595
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
SSL DH size is 2048 bits
I hear you fa shizzle!
total   Allocs   =        45
total   Deallocs =        45
total   Bytes    =     11124
peak    Bytes    =      9763
current Bytes    =         0

---------------------------------------------------

testing cipher suite DHE-PSK-AES128-GCM-SHA256 -s
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
SSL DH size is 2048 bits
Client message: hello wolfssl!
total   Allocs   =        40
total   Deallocs =        40
total   Bytes    =     14294
peak    Bytes    =      8595
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
SSL DH size is 2048 bits
I hear you fa shizzle!
total   Allocs   =        45
total   Deallocs =        45
total   Bytes    =     11124
peak    Bytes    =      9763
current Bytes    =         0

---------------------------------------------------

testing cipher suite DHE-PSK-AES256-CBC-SHA384 -s
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
SSL DH size is 2048 bits
Client message: hello wolfssl!
total   Allocs   =        36
total   Deallocs =        36
total   Bytes    =     14286
peak    Bytes    =      8595
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
SSL DH size is 2048 bits
I hear you fa shizzle!
total   Allocs   =        41
total   Deallocs =        41
total   Bytes    =     11123
peak    Bytes    =      9763
current Bytes    =         0

---------------------------------------------------

testing cipher suite DHE-PSK-AES128-CBC-SHA256 -s
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
SSL DH size is 2048 bits
Client message: hello wolfssl!
total   Allocs   =        36
total   Deallocs =        36
total   Bytes    =     14270
peak    Bytes    =      8595
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
SSL DH size is 2048 bits
I hear you fa shizzle!
total   Allocs   =        41
total   Deallocs =        41
total   Bytes    =     11107
peak    Bytes    =      9763
current Bytes    =         0

---------------------------------------------------

testing cipher suite DHE-RSA-AES128-GCM-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
SSL DH size is 2048 bits
Client message: hello wolfssl!
total   Allocs   =        57
total   Deallocs =        57
total   Bytes    =     50061
peak    Bytes    =     23544
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
SSL DH size is 2048 bits
I hear you fa shizzle!
total   Allocs   =        92
total   Deallocs =        92
total   Bytes    =     64959
peak    Bytes    =     24343
current Bytes    =         0

---------------------------------------------------

testing cipher suite DHE-RSA-AES256-GCM-SHA384
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
SSL DH size is 2048 bits
Client message: hello wolfssl!
total   Allocs   =        57
total   Deallocs =        57
total   Bytes    =     50061
peak    Bytes    =     23544
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
SSL DH size is 2048 bits
I hear you fa shizzle!
total   Allocs   =        92
total   Deallocs =        92
total   Bytes    =     64959
peak    Bytes    =     24343
current Bytes    =         0

---------------------------------------------------

testing cipher suite ECDHE-RSA-AES128-GCM-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
Client message: hello wolfssl!
total   Allocs   =        74
total   Deallocs =        74
total   Bytes    =     86151
peak    Bytes    =     35345
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
I hear you fa shizzle!
total   Allocs   =        99
total   Deallocs =        99
total   Bytes    =    102834
peak    Bytes    =     46123
current Bytes    =         0

---------------------------------------------------

testing cipher suite ECDHE-RSA-AES256-GCM-SHA384
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL curve name is SECP256R1
I hear you fa shizzle!
total   Allocs   =        99
total   Deallocs =        99
total   Bytes    =    102834
peak    Bytes    =     46123
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL curve name is SECP256R1
Client message: hello wolfssl!
total   Allocs   =        74
total   Deallocs =        74
total   Bytes    =     86151
peak    Bytes    =     35345
current Bytes    =         0

---------------------------------------------------

testing cipher suite ECDHE-RSA-AES128-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSL curve name is SECP256R1
Client message: hello wolfssl!
total   Allocs   =        70
total   Deallocs =        70
total   Bytes    =     86127
peak    Bytes    =     35345
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSL curve name is SECP256R1
I hear you fa shizzle!
total   Allocs   =        95
total   Deallocs =        95
total   Bytes    =    102817
peak    Bytes    =     46123
current Bytes    =         0

---------------------------------------------------

testing cipher suite ECDHE-RSA-AES256-SHA384
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSL curve name is SECP256R1
Client message: hello wolfssl!
total   Allocs   =        71
total   Deallocs =        71
total   Bytes    =     86239
peak    Bytes    =     35345
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSL curve name is SECP256R1
I hear you fa shizzle!
total   Allocs   =        95
total   Deallocs =        95
total   Bytes    =    102833
peak    Bytes    =     46123
current Bytes    =         0

---------------------------------------------------

testing cipher suite ECDHE-RSA-CHACHA20-POLY1305
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
SSL curve name is SECP256R1
Client message: hello wolfssl!
total   Allocs   =        71
total   Deallocs =        71
total   Bytes    =     85709
peak    Bytes    =     35345
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
SSL curve name is SECP256R1
I hear you fa shizzle!
total   Allocs   =        96
total   Deallocs =        96
total   Bytes    =    102392
peak    Bytes    =     46123
current Bytes    =         0

---------------------------------------------------

testing cipher suite ECDHE-RSA-CHACHA20-POLY1305-OLD
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
SSL curve name is SECP256R1
I hear you fa shizzle!
total   Allocs   =        96
total   Deallocs =        96
total   Bytes    =    102392
peak    Bytes    =     46123
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
SSL curve name is SECP256R1
Client message: hello wolfssl!
total   Allocs   =        71
total   Deallocs =        71
total   Bytes    =     85709
peak    Bytes    =     35345
current Bytes    =         0

---------------------------------------------------

testing cipher suite DHE-RSA-CHACHA20-POLY1305-OLD
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
SSL DH size is 2048 bits
Client message: hello wolfssl!
total   Allocs   =        63
total   Deallocs =        63
total   Bytes    =     49819
peak    Bytes    =     23744
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
SSL DH size is 2048 bits
I hear you fa shizzle!
total   Allocs   =        89
total   Deallocs =        89
total   Bytes    =     64547
peak    Bytes    =     24343
current Bytes    =         0

---------------------------------------------------

testing cipher suite ECDHE-PSK-AES128-CBC-SHA256 -s
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
SSL curve name is SECP256R1
Client message: hello wolfssl!
total   Allocs   =        54
total   Deallocs =        54
total   Bytes    =     50880
peak    Bytes    =     30820
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
SSL curve name is SECP256R1
I hear you fa shizzle!
total   Allocs   =        48
total   Deallocs =        48
total   Bytes    =     48982
peak    Bytes    =     31076
current Bytes    =         0

---------------------------------------------------

testing cipher suite PSK-CHACHA20-POLY1305 -s
SSL version is TLSv1.2
SSL cipher suite is TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
Client message: hello wolfssl!
total   Allocs   =        41
total   Deallocs =        41
total   Bytes    =      8338
peak    Bytes    =      7079
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
I hear you fa shizzle!
total   Allocs   =        36
total   Deallocs =        36
total   Bytes    =      6691
peak    Bytes    =      5850
current Bytes    =         0

---------------------------------------------------

testing cipher suite ECDHE-PSK-CHACHA20-POLY1305 -s
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
SSL curve name is SECP256R1
Client message: hello wolfssl!
total   Allocs   =        55
total   Deallocs =        55
total   Bytes    =     50462
peak    Bytes    =     30820
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
SSL curve name is SECP256R1
I hear you fa shizzle!
total   Allocs   =        49
total   Deallocs =        49
total   Bytes    =     48557
peak    Bytes    =     31076
current Bytes    =         0

---------------------------------------------------

testing cipher suite DHE-PSK-CHACHA20-POLY1305 -s
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
SSL DH size is 2048 bits
Client message: hello wolfssl!
total   Allocs   =        46
total   Deallocs =        46
total   Bytes    =     14052
peak    Bytes    =      8795
current Bytes    =         0
SSL version is TLSv1.2
SSL cipher suite is TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
SSL DH size is 2048 bits
I hear you fa shizzle!
total   Allocs   =        42
total   Deallocs =        42
total   Bytes    =     10712
peak    Bytes    =      9763
current Bytes    =         0

Kaleb J. Himes's Website

Share

4 Reply by Kaleb J. Himes (edited by Kaleb J. Himes 2017-11-27 15:36:40)

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: [SOLVED] Which cipher-suite has lowest memory requirement?

Hi Ajay,

To test these yourself you can do the following:

cd wolfssl
./configure --enable-trackmemory
make
./examples/server/server -l <cipher suite to test> -c <certs/server-cert.pem or correct cert or -s w/ nothing instead of -c for PSK> -k <key or nothing for PSK> -d &
./examples/client/client -l <cipher suite to test> -c <certs/rsa or ecc cert.pem or -s with nothing instead of -c for PSK> -k <key or nothing for PSK> -A <certs/cert authority file>

EXAMPLE:

PSK:

./examples/server/server -l DHE-PSK-AES256-GCM-SHA384 -s -d &
./examples/client/client -l DHE-PSK-AES256-GCM-SHA384 -s

RSA: (default certs used here)

./examples/server/server -l DHE-RSA-AES128-SHA256 -d &
./examples/client/client -l DHE-RSA-AES128-SHA256

ECC:

./examples/server/server -l ECDHE-ECDSA-AES128-GCM-SHA256 -c certs/server-ecc-self.pem -k certs/ecc-key.pem -d &
 ./examples/client/client -l ECDHE-ECDSA-AES128-GCM-SHA256 -c certs/client-ecc-cert.pem -k certs/ecc-client-key.pem -A certs/server-ecc-self.pem
# SERVER 
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1

# CLIENT
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1

# SERVER
Client message: hello wolfssl!
total   Allocs   =        74
I hear you fa shizzle!
total   Deallocs =        74
total   Bytes    =     77118
peak    Bytes    =     32731
current Bytes    =         0

# CLIENT
total   Allocs   =       131
total   Deallocs =       131
total   Bytes    =    192979
peak    Bytes    =     76275
current Bytes    =         0

NOTE: if you define ALT_ECC_SIZE that last one get's highly optimized to just:

# SERVER
total   Allocs   =        74
total   Deallocs =        74
total   Bytes    =     25822
peak    Bytes    =     12315
current Bytes    =         0

# CLIENT
total   Allocs   =       131
total   Deallocs =       131
total   Bytes    =     51835
peak    Bytes    =     19355
current Bytes    =         0

Regards,

Kaleb

Kaleb J. Himes's Website

Share

  • Registered: 2017-11-14
  • Posts: 21

Re: [SOLVED] Which cipher-suite has lowest memory requirement?

Thanks Kaleb for the WONDERFUL reply.
Thanks a ton for taking out the time for such exhaustively useful post !!!

In my particular case, I disabled client-certificate-authorization at the server.
That lowered the wolfSSL_connect bytes-exchanges from 17 KB to just 5 KB (as the server stopped sending the long list of allowed client-certificate-CA-names).

ajay@ajay-HP-15-Notebook-PC:~$ openssl s_client -connect device.instamsg.io:8883
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=instamsg.io
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgIQQsXI79FMuyB92lRe0JjLYjANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xNzAyMDIwMDAwMDBaFw0yMDAzMDMyMzU5NTlaMFwxITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEhMB8GA1UECxMYUG9zaXRpdmVTU0wgTXVs
dGktRG9tYWluMRQwEgYDVQQDEwtpbnN0YW1zZy5pbzCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAL87Q4NFR/U4rwIgn9MQqJDxj1PX6qpQ2vmUoNRnF71G
RI3mussdOa6vfkL64zUqpY/0G9QSLoV0Zj510X2FXeEaKbyUnOz1kbIYmQZs3rvi
P8Ou9052U70EeAoKxq2sJwUAxWBk2UkJJrCquYIUfqSUh6URzG1jJdzIxTkU1Mq4
nj2JAiJqtCcMm0pD0Tvrc9J/7bEx7N1/ldWG7cZqyQtD99ghwLsu4PvgF3tmDjJ5
8zDvmB4faesKRU9zdt04vQZj56yJTsO5j1OcHcQK+XoJljiagyQVPse+nOGFYnHU
xYCd6SV9eq1O9z0WhVOhkXsgedjMqpuhh7qV7l7oBfcCAwEAAaOCAgMwggH/MB8G
A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSskCojIof2
LWYPlxTrJt8xFNPZMjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIx
AQICBzArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQ
UzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9j
YS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy
bDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9k
b2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0Eu
Y3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wUQYDVR0R
BEowSIILaW5zdGFtc2cuaW+CD2FwaS5pbnN0YW1zZy5pb4ISZGV2aWNlLmluc3Rh
bXNnLmlvghRwbGF0Zm9ybS5pbnN0YW1zZy5pbzANBgkqhkiG9w0BAQsFAAOCAQEA
JR1sFZ7kJGQwVuovmvGW1e+uEOEv+efVynekmMQp6UWWSfUBsGPXc64WwAlAQ3y9
hWkxUq7No4Oaf1jHg0VYukxSykbxVllMhsc2mZ2afOEjVYu6xAxzOzlFQ0748Q4F
RwkasGAhsWMOqcRWHrDwJ/Lqy9o36OYF3ZxvMe7u557CNaS2ua1AiXc3WzfTPovu
O9yC/xghDEZ1EAZqILr75CcDwPR9Gs1nlJJTFWGhUmp+OiwTiGKz9yg9RfrPEvBU
uytgDu7kSKkVo6J1L9lmFw/RAk98KPe4sR2zLPi3U+p1xajLK6rbrMZDXUyn8wN+
5snA04o4Dg9GPV/eakxBXA==
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=instamsg.io
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 4934 bytes and written 509 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-DES-CBC3-SHA
    Session-ID: 5A26271571D58DE8068741AD8E6B3DA949DEF9CCEB0B00906B884C5828F6B678
    Session-ID-ctx: 
    Master-Key: 0EBD937ADC38D5795F2AADDBAADE67CB49C70AF6F78B4775E3EBAB0A816CAC01374094534664A4C32B4B8D73BE8212BE
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1512449813
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---

Curently, No client certificate CA names sent is sent.
Earlier (with client-cert-authorization optional at server), server used to send a LOONGG list of allowed-CAs.

Once again, thanks a ton for your time.
Please mark this thread as solved.


Thanks and Regards,
Ajay

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: [SOLVED] Which cipher-suite has lowest memory requirement?

Ajay,

It is my pleasure. Thank you for using wolfSSL support forums!


Happy Holidays and Cheers,

Kaleb

Kaleb J. Himes's Website

Share