My goal
Hand over the BLE payload to a webservice
My actions are:
The trimmed version looks like this:
    if (event === GATTS.EV_WRITE) {
        HTTP.query({
            url: httpProt + "://" + httpHost + ":" + httpPort + pathRequest,
            headers: http_headers(),
            data: { jwt: arg.data },
            success: function (body, full_http_msg) {...},
            error: function (err) {...}
        });
    }
    return GATT.STATUS_OK;
    }
The result I see is:
The log of a request on a non-encrypted connection using HTTP looks like this:
[Jan 31 16:06:11.253] init.js:193 BLE: Received
[Jan 31 16:06:11.620] mongoose.c:3139 0x3ffd8698 192.168.0.31:80 -,-,-
[Jan 31 16:06:11.623] mongoose.c:3007 0x3ffd8698 tcp://192.168.0.31:80
[Jan 31 16:06:11.648] mongoose.c:3022 0x3ffd8698 tcp://192.168.0.31:80 -> 0
[Jan 31 16:06:11.996] init.js:53 BLE responder: Sending following status to device: PROCESSING
(DELAY IS around 100ms)
[Jan 31 16:06:12.031] init.js:87 HTTP: Server replied with: {"error_details":null,"result":"SUCCESS"}
When I do the same request towards a 2048-bit RSA encrypted TLS API, I get:
[Jan 31 16:30:31.623] mongoose.c:3139 0x3ffd8268 192.168.0.31:444 -,-,ca.pem
[Jan 31 16:30:31.626] mgos_vfs.c:283 ca.pem -> /ca.pem pl 1 -> 1 0x3ffbab14 (refs 1)
[Jan 31 16:30:31.635] mgos_vfs_fs_spiffs.:838 ca.pem -> 8862KsCeYny/bF3ubqw3sMUTAhbxKHxXmU74lgpUgE8=
[Jan 31 16:30:31.658] mgos_vfs.c:377 open ca.pem 0x0 0x1b6 => 0x3ffbab14 ca.pem 1 => 257 (refs 1)
[Jan 31 16:30:31.664] mgos_vfs.c:410 close 257 => 0x3ffbab14:1 => 0 (refs 0)
[Jan 31 16:30:31.670] mongoose.c:3007 0x3ffd8268 tcp://192.168.0.31:444
[Jan 31 16:30:31.692] mongoose.c:3022 0x3ffd8268 tcp://192.168.0.31:444 -> 0
[Jan 31 16:30:31.717] mongoose.c:4906 0x3ffd8268 ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Jan 31 16:30:31.727] mgos_vfs.c:283 ca.pem -> /ca.pem pl 1 -> 1 0x3ffbab14 (refs 1)
[Jan 31 16:30:31.733] mgos_vfs_fs_spiffs.:838 ca.pem -> 8862KsCeYny/bF3ubqw3sMUTAhbxKHxXmU74lgpUgE8=
[Jan 31 16:30:31.740] mgos_vfs.c:377 open ca.pem 0x0 0x1b6 => 0x3ffbab14 ca.pem 1 => 257 (refs 1)
[Jan 31 16:30:31.749] mgos_vfs.c:536 fstat 257 => 0x3ffbab14:1 => 0 (size 41095)
(DELAY IS around 2.000ms)
[Jan 31 16:30:33.877] mgos_vfs.c:410 close 257 => 0x3ffbab14:1 => 0 (refs 0)
[Jan 31 16:30:34.860] init.js:87 HTTP: Server replied with: {"error_details":null,"result":"SUCCESS"}
When I do the same request towards a 4096-bit RSA encrypted TLS API, I get:
[Jan 31 15:53:17.236] mongoose.c:3139 0x3ffd7cb4 192.168.0.31:443 -,-,ca.pem
[Jan 31 15:53:17.239] mgos_vfs.c:283 ca.pem -> /ca.pem pl 1 -> 1 0x3ffbab14 (refs 1)
[Jan 31 15:53:17.248] mgos_vfs_fs_spiffs.:838 ca.pem -> 8862KsCeYny/bF3ubqw3sMUTAhbxKHxXmU74lgpUgE8=
[Jan 31 15:53:17.271] mgos_vfs.c:377 open ca.pem 0x0 0x1b6 => 0x3ffbab14 ca.pem 1 => 257 (refs 1)
[Jan 31 15:53:17.277] mgos_vfs.c:410 close 257 => 0x3ffbab14:1 => 0 (refs 0)
[Jan 31 15:53:17.283] mongoose.c:3007 0x3ffd7cb4 tcp://192.168.0.31:443
[Jan 31 15:53:17.305] mongoose.c:3022 0x3ffd7cb4 tcp://192.168.0.31:443 -> 0
[Jan 31 15:53:17.368] mongoose.c:4906 0x3ffd7cb4 ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Jan 31 15:53:17.379] mgos_vfs.c:283 ca.pem -> /ca.pem pl 1 -> 1 0x3ffbab14 (refs 1)
[Jan 31 15:53:17.385] mgos_vfs_fs_spiffs.:838 ca.pem -> 8862KsCeYny/bF3ubqw3sMUTAhbxKHxXmU74lgpUgE8=
[Jan 31 15:53:17.392] mgos_vfs.c:377 open ca.pem 0x0 0x1b6 => 0x3ffbab14 ca.pem 1 => 257 (refs 1)
[Jan 31 15:53:17.401] mgos_vfs.c:536 fstat 257 => 0x3ffbab14:1 => 0 (size 41095)
(DELAY IS around 2.500ms)
[Jan 31 15:53:20.194] mgos_vfs.c:564 lseek 257 0 1 => 0x3ffbab14:1 => 37248
[Jan 31 15:53:20.197] mgos_vfs.c:564 lseek 257 37212 0 => 0x3ffbab14:1 => 37212
[Jan 31 15:53:20.206] mgos_vfs.c:410 close 257 => 0x3ffbab14:1 => 0 (refs 0)
[Jan 31 15:53:21.743] mgos_mongoose.c:66 New heap free LWM: 4292176
[Jan 31 15:53:22.215] init.js:87 HTTP: Server replied with: {"error_details":null,"result":"SUCCESS"}
My expectation & question is
I’m using an Olimex ESP32 PoE WROVER and was wondering how I can adjust the ciphersuite (TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256), so that I get the 2 second delay to a more acceptable timing (best case below 500ms). I wouldn’t like to run my traffic unencrypted.
Any other idea is also welcome.
Thanks a lot for your support!
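To locate where the time goes in logs like the ones in this post, the gaps between consecutive log lines can be computed and ranked. The following is an added example, not part of the original post; it embeds a subset of the lines from the 4096-bit run, and the function names (`parseLine`, `gaps`, `report`) are this example's own.

```javascript
// Log lines copied from the 4096-bit RSA run in the post (subset).
const LOG = `
[Jan 31 15:53:17.305] mongoose.c:3022 0x3ffd7cb4 tcp://192.168.0.31:443 -> 0
[Jan 31 15:53:17.368] mongoose.c:4906 0x3ffd7cb4 ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Jan 31 15:53:17.401] mgos_vfs.c:536 fstat 257 => 0x3ffbab14:1 => 0 (size 41095)
[Jan 31 15:53:20.194] mgos_vfs.c:564 lseek 257 0 1 => 0x3ffbab14:1 => 37248
[Jan 31 15:53:20.206] mgos_vfs.c:410 close 257 => 0x3ffbab14:1 => 0 (refs 0)
[Jan 31 15:53:21.743] mgos_mongoose.c:66 New heap free LWM: 4292176
[Jan 31 15:53:22.215] init.js:87 HTTP: Server replied with: {"error_details":null,"result":"SUCCESS"}
`;

// "[Mon DD HH:MM:SS.mmm] source:line message". Optional whitespace after ':' and ']'
// lets the same pattern read pastes where a formatter inserted spaces.
const LINE_RE = /^\[\w{3}\s+\d+\s+(\d+):\s*(\d+):\s*(\d+)\.(\d{3})\]\s*(\S+?):\s*(\d+)\s+(.*)$/;
const DAY_MS = 24 * 60 * 60 * 1000;

// Returns {t, src, msg} with t in milliseconds since midnight, or null for
// lines that are not log records (blank lines, "(DELAY IS ...)" annotations).
function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null;
  const [h, min, s, ms] = m.slice(1, 5).map(Number);
  return { t: ((h * 60 + min) * 60 + s) * 1000 + ms, src: m[5] + ":" + m[6], msg: m[7] };
}

// Gap between each pair of consecutive records, largest first.
function gaps(logText) {
  const events = logText.split("\n").map(parseLine).filter(Boolean);
  const out = [];
  for (let i = 1; i < events.length; i++) {
    let ms = events[i].t - events[i - 1].t;
    if (ms < 0) ms += DAY_MS; // timestamps carry no year; treat a negative step as midnight wrap
    out.push({ ms, from: events[i - 1], to: events[i] });
  }
  return out.sort((a, b) => b.ms - a.ms);
}

// Human-readable ranking of the slowest steps.
function report(logText, top = 3) {
  return gaps(logText).slice(0, top).map(
    (g) => `${String(g.ms).padStart(6)} ms  after "${g.from.src} ${g.from.msg}"`
  );
}

console.log(report(LOG).join("\n"));
```

On the embedded lines the largest gap (2793 ms) sits between the `fstat` of ca.pem (size 41095) and the following `lseek`, and the second largest (1537 ms) follows the `close` of that file.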