My IoT Things are very limited devices, setting up a complete TLS session is a demanding task and it's not possible to keep it alive for a prolonged time - the cellular service is unstable. I would like to use a Session Resumption for TLS 1.3. I know about the notice at the bottom of Important notes for transport security in AWS IoT Core. It however links to RFC which, i believe, is only related to TLS <= 1.2. I also found this other re:Post IOTCore TLS connection overhead too large. Is it possible to resume a session? but it explicitly talks about TLS 1.2. Before i dive into the details of specific TLS library used on my limited device, can anyone confirm that session resumption is supported by the AWS IoT Core for TLS 1.3?
AWS 官方已更新 2 年前
Thank you Greg. That is unfortunate news, but we must go on with it. Would you recommend some of the (63 for "mqtt" search) AWS Marketplace offerings instead? Our usage is very moderate, so IoT Core is almost free for us. But having TLS resumption is more important now. And QoS 2 would be nice too, if we're already at an alternative path.
Do you have flexibility on the key algorithm? You can reduce the overhead by using ECDSA-P256, to minimize the certificate size. You might also consider custom authentication to avoid the use of certificates altogether: https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html. I don't have any recommendations among the marketplace offerings.