IoT Core TLS 1.3 Session Resumption

0

My IoT Things are very limited devices, setting up a complete TLS session is a demanding task and it's not possible to keep it alive for a prolonged time - the cellular service is unstable. I would like to use a Session Resumption for TLS 1.3. I know about the notice at the bottom of Important notes for transport security in AWS IoT Core. It however links to RFC which, i believe, is only related to TLS <= 1.2. I also found this other re:Post IOTCore TLS connection overhead too large. Is it possible to resume a session? but it explicitly talks about TLS 1.2. Before i dive into the details of specific TLS library used on my limited device, can anyone confirm that session resumption is supported by the AWS IoT Core for TLS 1.3?

SMIT
已提问 7 个月前235 查看次数
1 回答
1
已接受的回答

Hi. That old re:Post question talks about TLS1.2 because AWS IoT Core did not support TLS1.3 at that time. Unfortunately it's still the case that AWS IoT Core does not currently support TLS session resumption. For any TLS version.

profile pictureAWS
专家
Greg_B
已回答 7 个月前
  • Thank you Greg. That is unfortunate news, but we must go on with it. Would you recommend some of the (63 for "mqtt" search) AWS Marketplace offerings instead? Our usage is very moderate, so IoT Core is almost free for us. But having TLS resumption is more important now. And QoS 2 would be nice too, if we're already at an alternative path.

  • Do you have flexibility on the key algorithm? You can reduce the overhead by using ECDSA-P256, to minimize the certificate size. You might also consider custom authentication to avoid the use of certificates altogether: https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html. I don't have any recommendations among the marketplace offerings.

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则