tls server, http1.1, pipelining

tls server, http1.1, pipelining

Mario Luzeiro
I managed to get a TLS server working with lwIP!

I have a webpage with html and images. It loads ok over http.
My problem is now with TLS it cannot load the images.

If I set the server using HTTP1.0 the browser will send multiple parallel
TLS connections to get the images.
So it looks like these multiple connections are not supported in lwIP/mbedTLS?

If I set the server to send HTTP1.1 with keep-alive, the browser will keep
the connection but will send multiple READs.
But why does it work (multiple readings) with regular HTTP and not over TLS?

I checked and it looks like there is no HTTP option to ask the client not to
perform pipelining.




--
Sent from: http://lwip.100.n7.nabble.com/lwip-users-f3.html

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users
Re: tls server, http1.1, pipelining

tushartp
If you are using resource-constrained devices like a microcontroller with low MIPS, then the only option is to use http2 with tls.
http1 with tls will create multiple connections to get the web page data, while http2 will create a single tls connection to do rx tx operations.


Tushar
 

Re: tls server, http1.1, pipelining

Mario Luzeiro
Thanks Tushar,
Will it be a trivial change to request an http2 connection, or something more complicated?

Can you point me to any site where I can learn about it and try to establish an http2 negotiation?
I was trying the http2 standard webpage but I was getting too lost :)

Mario

Re: tls server, http1.1, pipelining

tushartp
You can try to port the libwebsockets library to your platform. They have a working port for mbedtls with the ESP32 wifi SoC.

This library supports the http2 method and they have a working webserver project on ESP32.
 


Re: tls server, http1.1, pipelining

goldsimon@gmx.de
In reply to this post by Mario Luzeiro
On 18.06.2019 at 18:29, Mario Luzeiro wrote:
> I managed to get a TLS server working with lwIP!
>
> I have a webpage with html and images. It loads ok over http.
> My problem is now with TLS it cannot load the images.
>
> If I set the server using HTTP1.0 the browser will send multiple parallel
> TLS connections to get the images.
> So it looks like these multiple connections are not supported in lwIP/mbedTLS?

Multiple connections *are* supported.

> If I set the server to send HTTP1.1 with keep-alive, the browser will keep
> the connection but will send multiple READs.
> But why does it work (multiple readings) with regular HTTP and not over TLS?

You need to configure the server correctly, and you need enough RAM. We
have the lwIP httpd working perfectly as an https server on an STM32, of
course with keep-alive. To speed up connection setup for parallel
connections, mbedTLS provides some cookie mechanisms as well.

> I checked and it looks like there is no HTTP option to ask the client not to
> perform pipelining.

You mean no option to request that the client not open multiple
connections? That's right, but you can greatly reduce mbedTLS memory
consumption by reducing the TX buffer: lwIP only uses a small TX
buffer, so you don't need 16K there. And when you're not expecting large
uploads, you can safely reduce the RX buffer for mbedTLS as well.

Regards,
Simon
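
Added example (not part of Simon's message, and not lwIP or mbedTLS code): a small C model of the buffer trade-off described in the reply above, showing how many TLS connections fit a RAM budget with 16K versus reduced record buffers, and why a reduced RX buffer rules out full-size incoming records. The buffer sizes, the 64 KiB budget, the 2 KiB overhead and all function names are assumptions; MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN are the mbedTLS options that set the real sizes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes for illustration. In an mbedTLS config header the matching
 * options are MBEDTLS_SSL_IN_CONTENT_LEN / MBEDTLS_SSL_OUT_CONTENT_LEN,
 * which both default to 16384 bytes. */
#define EXAMPLE_IN_CONTENT_LEN  4096u  /* RX: page requests, no large uploads */
#define EXAMPLE_OUT_CONTENT_LEN 2048u  /* TX: lwIP only uses a small TX buffer */
#define TLS_RECORD_HEADER_LEN   5u

enum record_fit { RECORD_FITS, RECORD_TOO_LARGE, RECORD_TRUNCATED };

/* Constructed sample TLS record headers: type | version(2) | length(2). */
static const uint8_t SAMPLE_SMALL_REQUEST[5] = {0x17, 0x03, 0x03, 0x02, 0x00}; /* 512 bytes */
static const uint8_t SAMPLE_FULL_RECORD[5]   = {0x17, 0x03, 0x03, 0x40, 0x00}; /* 16384 bytes */

/* Compare a record's declared length with the configured RX content length.
 * Simplified: ignores the small per-record expansion (IV, MAC, padding)
 * that a real TLS stack allows on top of the content length. */
enum record_fit check_record_fits(const uint8_t *hdr, size_t avail, size_t in_len)
{
    if (hdr == NULL || avail < TLS_RECORD_HEADER_LEN)
        return RECORD_TRUNCATED;
    size_t declared = ((size_t)hdr[3] << 8) | hdr[4];
    return declared <= in_len ? RECORD_FITS : RECORD_TOO_LARGE;
}

/* Parallel TLS connections that fit in `budget` bytes when each needs its own
 * RX and TX record buffer plus `overhead` bytes of other per-connection state. */
unsigned max_parallel_connections(size_t budget, size_t in_len, size_t out_len, size_t overhead)
{
    size_t per_conn = in_len + out_len + overhead;
    return per_conn == 0 ? 0u : (unsigned)(budget / per_conn);
}

int main(void)
{
    /* 64 KiB heap budget and 2 KiB per-connection overhead are assumptions. */
    printf("16K buffers:     %u connection(s)\n",
           max_parallel_connections(65536, 16384, 16384, 2048));
    printf("reduced buffers: %u connection(s)\n",
           max_parallel_connections(65536, EXAMPLE_IN_CONTENT_LEN, EXAMPLE_OUT_CONTENT_LEN, 2048));
    printf("small request fits reduced RX:  %d\n",
           check_record_fits(SAMPLE_SMALL_REQUEST, 5, EXAMPLE_IN_CONTENT_LEN) == RECORD_FITS);
    printf("full-size record fits reduced RX: %d\n",
           check_record_fits(SAMPLE_FULL_RECORD, 5, EXAMPLE_IN_CONTENT_LEN) == RECORD_FITS);
    return 0;
}
```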
