By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

IoT Core TLS 1.3 Session Resumption

0

My IoT Things are very limited devices, setting up a complete TLS session is a demanding task and it's not possible to keep it alive for a prolonged time - the cellular service is unstable. I would like to use a Session Resumption for TLS 1.3. I know about the notice at the bottom of Important notes for transport security in AWS IoT Core. It however links to RFC which, i believe, is only related to TLS <= 1.2. I also found this other re:Post IOTCore TLS connection overhead too large. Is it possible to resume a session? but it explicitly talks about TLS 1.2. Before i dive into the details of specific TLS library used on my limited device, can anyone confirm that session resumption is supported by the AWS IoT Core for TLS 1.3?

Topics
Internet of Things (IoT)
Tags
AWS IoT CoreTransport Layer Security (TLS)
Language
English
SMIT
asked 6 months ago223 views
1 Answer
1
Accepted Answer

Hi. That old re:Post question talks about TLS1.2 because AWS IoT Core did not support TLS1.3 at that time. Unfortunately it's still the case that AWS IoT Core does not currently support TLS session resumption. For any TLS version.

profile pictureAWS
EXPERT
Greg_B
answered 6 months ago
  • SMIT
    6 months ago

    Thank you Greg. That is unfortunate news, but we must go on with it. Would you recommend some of the (63 for "mqtt" search) AWS Marketplace offerings instead? Our usage is very moderate, so IoT Core is almost free for us. But having TLS resumption is more important now. And QoS 2 would be nice too, if we're already at an alternative path.

  • Greg_B EXPERT
    6 months ago

    Do you have flexibility on the key algorithm? You can reduce the overhead by using ECDSA-P256, to minimize the certificate size. You might also consider custom authentication to avoid the use of certificates altogether: https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html. I don't have any recommendations among the marketplace offerings.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content