Memory consumption - 32 KB memory buffer

May 5, 2017 08:43


We are using mbedTLS on a STM32F103 board with 96 KB RAM. The only cipher suite used is ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and the important config.h options are

  • #define MBEDTLS_X509_USE_C
  • #define MBEDTLS_X509_CRT_PARSE_C
  • #define MBEDTLS_PK_C
  • #define MBEDTLS_PK_PARSE_C

Self-signed certificate (342 bytes) and private key (123 bytes) are used. We need to use a 32 KB memory buffer in mbedtls_memory_buffer_alloc_init. Otherwise, with a smaller buffer, TLS is not stable and we get errors (e.g. handshake errors). To me this size seems a bit too much, having 2048+342+123 = ~2.5 KB as raw input data.

Is this buffer size a reasonable one? Could this buffer be reduced? Or could this cipher suite be the cause of this memory consumption?



May 7, 2017 07:11
Ron Eldor

Hi Flaviu,
I recommend you look at the following Knowledge Base Articles:
* https://tls.mbed.org/kb/how-to/reduce-mbedtls-memory-and-storage-footprint
* https://tls.mbed.org/kb/how-to/how-do-i-tune-elliptic-curves-resource-usage
These show you how you can reduce memory and resource usage. I would focus on the MBEDTLS_SSL_MAX_CONTENT_LEN part, and the ECP fine-tuning.
I hope this helps.
mbed TLS Team member

May 8, 2017 11:59

Thanks Ron,

I will check them.

Regards, Flaviu

May 8, 2017 12:12

I ran into the same issues; I've been able to save 15 Kbyte, though.

I've successfully reduced the memory usage by splitting up the input and output buffer sizes. The output buffers are under your own control, so you can configure them typically much lower than the incoming buffers.

I've added a config setting MBEDTLS_SSL_MAX_OUT_CONTENT_LEN (and I typically configured it as 1024).

I'll see if I can make a pull request of this some time.
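
The arithmetic behind the 32 KB figure and the saving from a smaller outgoing buffer, as an added example that is not part of the thread or of mbed TLS itself. It assumes the mbed TLS 2.x per-buffer formula (content length + 29 + MAC allowance + 256 for CBC padding, no zlib), which should be checked against the `ssl_internal.h` of the version in use; all function names are hypothetical.

```c
/* Added example: record-buffer arithmetic for one mbed TLS 2.x SSL context.
 * Assumed formula (check ssl_internal.h of your version):
 *   buffer = content_len + compression + 29 + MAC allowance + CBC padding */
#include <stddef.h>
#include <stdio.h>

#define HDR_CTR_IV_ADD  29   /* counter + record header + IV */
#define PADDING_ADD_CBC 256  /* worst-case CBC padding */
#define ZLIB_ADD        1024 /* only when zlib support is compiled in */

/* MAC allowance follows the largest hash compiled in, not the suite in use. */
enum mac_add { MAC_ADD_SHA1 = 20, MAC_ADD_SHA256 = 32, MAC_ADD_SHA512 = 48 };

/* Size of one record buffer for a given maximum content length. */
static size_t record_buffer_len(size_t content_len, enum mac_add mac,
                                int cbc, int zlib)
{
    return content_len + (zlib ? ZLIB_ADD : 0) + HDR_CTR_IV_ADD
         + (size_t)mac + (cbc ? PADDING_ADD_CBC : 0);
}

/* Incoming plus outgoing buffer of one context (CBC suite, no zlib). */
static size_t context_buffers(size_t in_len, size_t out_len, enum mac_add mac)
{
    return record_buffer_len(in_len, mac, 1, 0)
         + record_buffer_len(out_len, mac, 1, 0);
}

/* Bytes saved by giving the outgoing buffer its own, smaller limit. */
static size_t split_saving(size_t in_len, size_t out_len, enum mac_add mac)
{
    return context_buffers(in_len, in_len, mac)
         - context_buffers(in_len, out_len, mac);
}

int main(void)
{
    /* Default MBEDTLS_SSL_MAX_CONTENT_LEN of 16384 with SHA-512 enabled. */
    printf("default, both buffers : %zu bytes\n",
           context_buffers(16384, 16384, MAC_ADD_SHA512));
    /* SHA-256 only, outgoing limit 1024 as in the post above. */
    printf("in 16384 / out 1024   : %zu bytes\n",
           context_buffers(16384, 1024, MAC_ADD_SHA256));
    printf("saving from the split : %zu bytes\n",
           split_saving(16384, 1024, MAC_ADD_SHA256));
    return 0;
}
```

These figures cover only the two record buffers; handshake state, ECP arithmetic and the parsed certificate are allocated from the same heap on top of them. Shrinking the incoming limit is only safe when the peer is known to send smaller records, for example through the Maximum Fragment Length extension, because a TLS record may otherwise carry up to 16384 bytes.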

May 8, 2017 13:05

Hi harmv,

Reducing memory consumption by 15 KB would be great, thanks for the hint! It was an idea to investigate the library code, but I thought it would be too dangerous :)

Regards, Flaviu

May 17, 2017 16:28
Michael Böckling

@harmv: That would be most welcome.

FYI, OpenSSL is finally implementing "Maximum Fragment Length": https://github.com/openssl/openssl/pull/1008