[Feature Request] Max Fragment Length parameter on SSL connection #698

@florian72810

Hello

On a TLS connection, it uses a lot of memory. In my sample program, I have about 30ko available before connecting, and only 2ko when the connection is established.

BearSSL can use a custom Maximum Fragment Length (MFLN) to minimize RAM Usage.

I tried to use it, and it is awesome. My sample program now has 18ko available RAM, while being connected (vs 2ko without).

It seems nothing is required on the server side, but you may need a new version of Nginx/OpenSSL. The server I used for test has nginx/1.18.0 and openssl 1.1.1f. I read that a configuration is needed on nginx, with ssl_buffer_size 512;, but in my tests, it also worked without.

Here is a sample using MFLN with HTTPS.

To enable MFLN in this library, I added this in WebSocketsClient.cpp, line 242:

@@ -239,6 +239,12 @@ void WebSocketsClient::loop(void) {
                 _client.ssl->setInsecure();
             }
 
+            bool mfln = _client.ssl->probeMaxFragmentLength(_host, _port, 512);
+            if(mfln) {
+                _client.ssl->setBufferSizes(512, 512);
+                DEBUG_WEBSOCKETS("[WS-Client] Using MaxFragmentLength of 512\n");
+            }
+
             if(_client_cert && _client_key) {
                 _client.ssl->setClientRSACert(_client_cert, _client_key);
                 DEBUG_WEBSOCKETS("[WS-Client] setting client certificate and key");
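
Review bot: The fragment size 512 is hard-coded in three places in the added block (the probeMaxFragmentLength() argument, both setBufferSizes() arguments, and the debug string), so they can drift apart and the caller cannot tune it. Suggest a single member set through a validated setter and used in all three places, with the debug line printing that value. Two smaller points: the probe sits on the connect path inside loop(), so it is repeated on every connection attempt to the same _host and _port, and the result could be cached per host; and when mfln is false nothing is logged, so an else branch with a DEBUG_WEBSOCKETS line would make it visible that the connection is falling back to the default buffer sizes and the higher RAM use.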

I used a fixed size of 512, but I think the size should be a parameter with a value of 512, 1024, 2048, 4096 or 8192.
