Decrease response time with TLS based HTTP connections?

My goal
Hand over the BLE payload to a webservice

My actions are:
The trimmed version looks like this:

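  if (event === GATTS.EV_WRITE) {
    // Forward the BLE payload to the web service
    HTTP.query({
      url: httpProt + "://" + httpHost + ":" + httpPort + pathRequest,
      headers: http_headers(),
      data: { jwt: arg.data },
      success: function (body, full_http_msg) { /* ... */ },
      error: function (err) { /* ... */ }
    });
  }

  return GATT.STATUS_OK;
} // closes the enclosing event handler, which is trimmed from this snippet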

The result I see is:
The log of a request on a non-encrypted connection using HTTP looks like this:

[Jan 31 16:06:11.253] init.js:193             BLE: Received 
[Jan 31 16:06:11.620] mongoose.c:3139         0x3ffd8698 192.168.0.31:80 -,-,-
[Jan 31 16:06:11.623] mongoose.c:3007         0x3ffd8698 tcp://192.168.0.31:80
[Jan 31 16:06:11.648] mongoose.c:3022         0x3ffd8698 tcp://192.168.0.31:80 -> 0
[Jan 31 16:06:11.996] init.js:53              BLE responder: Sending following status to device: PROCESSING

  (DELAY IS around 100ms)

[Jan 31 16:06:12.031] init.js:87              HTTP: Server replied with: {"error_details":null,"result":"SUCCESS"}

When I do the same request towards a 2048Bit RSA encrypted TLS API, I get:

[Jan 31 16:30:31.623] mongoose.c:3139         0x3ffd8268 192.168.0.31:444 -,-,ca.pem
[Jan 31 16:30:31.626] mgos_vfs.c:283          ca.pem -> /ca.pem pl 1 -> 1 0x3ffbab14 (refs 1)
[Jan 31 16:30:31.635] mgos_vfs_fs_spiffs.:838 ca.pem -> 8862KsCeYny/bF3ubqw3sMUTAhbxKHxXmU74lgpUgE8=
[Jan 31 16:30:31.658] mgos_vfs.c:377          open ca.pem 0x0 0x1b6 => 0x3ffbab14 ca.pem 1 => 257 (refs 1)
[Jan 31 16:30:31.664] mgos_vfs.c:410          close 257 => 0x3ffbab14:1 => 0 (refs 0)
[Jan 31 16:30:31.670] mongoose.c:3007         0x3ffd8268 tcp://192.168.0.31:444
[Jan 31 16:30:31.692] mongoose.c:3022         0x3ffd8268 tcp://192.168.0.31:444 -> 0
[Jan 31 16:30:31.717] mongoose.c:4906         0x3ffd8268 ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Jan 31 16:30:31.727] mgos_vfs.c:283          ca.pem -> /ca.pem pl 1 -> 1 0x3ffbab14 (refs 1)
[Jan 31 16:30:31.733] mgos_vfs_fs_spiffs.:838 ca.pem -> 8862KsCeYny/bF3ubqw3sMUTAhbxKHxXmU74lgpUgE8=
[Jan 31 16:30:31.740] mgos_vfs.c:377          open ca.pem 0x0 0x1b6 => 0x3ffbab14 ca.pem 1 => 257 (refs 1)
[Jan 31 16:30:31.749] mgos_vfs.c:536          fstat 257 => 0x3ffbab14:1 => 0 (size 41095)

  (DELAY IS around 2.000ms)

[Jan 31 16:30:33.877] mgos_vfs.c:410          close 257 => 0x3ffbab14:1 => 0 (refs 0)
[Jan 31 16:30:34.860] init.js:87              HTTP: Server replied with: {"error_details":null,"result":"SUCCESS"}

When I do the same request towards a 4096Bit RSA encrypted TLS API, I get:

[Jan 31 15:53:17.236] mongoose.c:3139         0x3ffd7cb4 192.168.0.31:443 -,-,ca.pem
[Jan 31 15:53:17.239] mgos_vfs.c:283          ca.pem -> /ca.pem pl 1 -> 1 0x3ffbab14 (refs 1)
[Jan 31 15:53:17.248] mgos_vfs_fs_spiffs.:838 ca.pem -> 8862KsCeYny/bF3ubqw3sMUTAhbxKHxXmU74lgpUgE8=
[Jan 31 15:53:17.271] mgos_vfs.c:377          open ca.pem 0x0 0x1b6 => 0x3ffbab14 ca.pem 1 => 257 (refs 1)
[Jan 31 15:53:17.277] mgos_vfs.c:410          close 257 => 0x3ffbab14:1 => 0 (refs 0)
[Jan 31 15:53:17.283] mongoose.c:3007         0x3ffd7cb4 tcp://192.168.0.31:443
[Jan 31 15:53:17.305] mongoose.c:3022         0x3ffd7cb4 tcp://192.168.0.31:443 -> 0
[Jan 31 15:53:17.368] mongoose.c:4906         0x3ffd7cb4 ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Jan 31 15:53:17.379] mgos_vfs.c:283          ca.pem -> /ca.pem pl 1 -> 1 0x3ffbab14 (refs 1)
[Jan 31 15:53:17.385] mgos_vfs_fs_spiffs.:838 ca.pem -> 8862KsCeYny/bF3ubqw3sMUTAhbxKHxXmU74lgpUgE8=
[Jan 31 15:53:17.392] mgos_vfs.c:377          open ca.pem 0x0 0x1b6 => 0x3ffbab14 ca.pem 1 => 257 (refs 1)
[Jan 31 15:53:17.401] mgos_vfs.c:536          fstat 257 => 0x3ffbab14:1 => 0 (size 41095)

  (DELAY IS around 2.500ms)

[Jan 31 15:53:20.194] mgos_vfs.c:564          lseek 257 0 1 => 0x3ffbab14:1 => 37248
[Jan 31 15:53:20.197] mgos_vfs.c:564          lseek 257 37212 0 => 0x3ffbab14:1 => 37212
[Jan 31 15:53:20.206] mgos_vfs.c:410          close 257 => 0x3ffbab14:1 => 0 (refs 0)
[Jan 31 15:53:21.743] mgos_mongoose.c:66      New heap free LWM: 4292176
[Jan 31 15:53:22.215] init.js:87              HTTP: Server replied with: {"error_details":null,"result":"SUCCESS"}

My expectation & question is

I’m using an Olimex ESP32 PoE WROVER and was wondering how I can adjust the ciphersuite (TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256) so that I get the 2 second delay down to a more acceptable timing (best case below 500ms). I wouldn’t like to run my traffic unencrypted.

Or any other idea is also welcome :)

Thanks a lot for your support!
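An added example, not part of the original post or of Mongoose OS: a small Node.js script that splits one request from the logs above into phases, so the delay can be attributed to a specific step before any TLS setting is changed. The milestone names and the `phaseTimings` function are hypothetical; the log lines are copied (trimmed) from the 4096-bit run.

```javascript
// Added example: phase timing for a Mongoose OS TLS request log.
// Log lines are copied from the 4096-bit RSA run in the post (trimmed).
const LOG_4096 = `
[Jan 31 15:53:17.236] mongoose.c:3139         0x3ffd7cb4 192.168.0.31:443 -,-,ca.pem
[Jan 31 15:53:17.305] mongoose.c:3022         0x3ffd7cb4 tcp://192.168.0.31:443 -> 0
[Jan 31 15:53:17.368] mongoose.c:4906         0x3ffd7cb4 ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Jan 31 15:53:17.392] mgos_vfs.c:377          open ca.pem 0x0 0x1b6 => 0x3ffbab14 ca.pem 1 => 257 (refs 1)
[Jan 31 15:53:20.206] mgos_vfs.c:410          close 257 => 0x3ffbab14:1 => 0 (refs 0)
[Jan 31 15:53:22.215] init.js:87              HTTP: Server replied with: {"error_details":null,"result":"SUCCESS"}
`;

// Milestones in the order they occur; the last match of each pattern wins,
// so the second ca.pem open/close pair (the one around the delay) is used.
const MILESTONES = [
  ["start", /mongoose\.c:\d+\s+0x[0-9a-f]+ \d+\.\d+\.\d+\.\d+:\d+ /],
  ["tcpConnected", /tcp:\/\/\S+ -> 0/],
  ["cipherChosen", /ciphersuite: /],
  ["caOpened", /open ca\.pem /],
  ["caClosed", /\bclose \d+ => /],
  ["httpReply", /HTTP: Server replied/],
];

// "[Jan 31 15:53:17.236] ..." -> milliseconds since midnight, or null.
function stampMs(line) {
  const m = /^\[\w{3} +\d+ (\d\d):(\d\d):(\d\d)\.(\d{3})\]/.exec(line);
  return m ? ((+m[1] * 60 + +m[2]) * 60 + +m[3]) * 1000 + +m[4] : null;
}

// Returns the duration in ms of each phase between consecutive milestones.
function phaseTimings(logText) {
  const seen = {};
  for (const line of logText.split("\n")) {
    const t = stampMs(line);
    if (t === null) continue;
    for (const [name, re] of MILESTONES) if (re.test(line)) seen[name] = t;
  }
  const phases = {};
  for (let i = 1; i < MILESTONES.length; i++) {
    const [prev, cur] = [MILESTONES[i - 1][0], MILESTONES[i][0]];
    if (seen[prev] === undefined || seen[cur] === undefined) continue;
    phases[prev + "->" + cur] = seen[cur] - seen[prev];
  }
  if (seen.start !== undefined && seen.httpReply !== undefined)
    phases.total = seen.httpReply - seen.start;
  return phases;
}

console.log(phaseTimings(LOG_4096));
```

For the 4096-bit run this reports 2814 ms while `ca.pem` (41095 bytes) is open and a further 2009 ms between closing it and the server reply, out of 4979 ms in total.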

MoS uses the processor support environment that its vendor provides
You use the ESP32
MoS uses Espressif IDF
the IDF uses MbedTLS I guess
you configure MbedTLS

BUT
An ESP32 is not a computer; it does have an EC accelerator and can run EC functions in a reasonable time. It sucks at anything else because it has to do it in software.

BTW, if you mean 2500ms, that is two thousand five hundred, twenty-five hundred, please don’t put a dot between the 2 and the 5, because in English that is a decimal point.

That is still fast for a microcontroller. If you need faster response, use a computer like a Raspberry Pi.

Hi @scaprile, thanks for taking your time to respond to my message. I thought something in that space as well.

Regarding the dot within 2500, I was trying to increase readability by adding a decimal separator - sorry that it seems to have added confusion.

Thanks for your effort!

In Spanish, Portuguese, and Italian, a comma means everything to the right are decimal places, engineers rarely use digit grouping. 1,0 means 1 and 1.000 means 1000 with fancy grouping.
In English, a dot means everything to the right are decimal places, engineers rarely use digit grouping. 1.0 means 1 and 1,000 means 1000 with fancy grouping.
I guess the rest of the world cultures use the same coding as Spanish, Portuguese, and Italian, but I don’t know.

Just try to keep the decimal point and digit grouping in the same language that you write your text, otherwise it is difficult, yeah.