ESP32/ENC28J60/EthernetENC: BearSSL "incoming record is too large to be processed, or buffer is too small"

[marcelstoer]

In my setup ESP32/ENC28J60/EthernetENC I am seeing the following when communicating with some servers.

Incoming record is too large to be processed, or buffer is too small for the handshake message to send.

Socket connection succeeds (i.e. sslClient.connect(host, port) is ok), sending a GET request is also ok but this error occurs while processing the response.

It seems to come from here: https://github.com/khoih-prog/EthernetWebServer_SSL/blob/main/src/SSLClient/bearssl/src/ssl/ssl_engine.c#L688 I added a printf() there to understand what the actual values are.

rlen: 16400, ibuf_len: 2048

Which of the buffers do I need to increase in this case?

[khoih-prog]

It's possible the ENC28J60 has to do many (uIP) jobs by software and slow down the TLS/SSL encryption/decryption process => overflowing the buffer.

It's very deep inside the BEARSSL code and also (server) use-case-dependent, and will take some time to debug to know where and when it happens and fix.

I suggest that you use the better W5500, or even the best LAN8720 in WT32_ETH01, to see if OK then.
Using WT32_ETH01 (ESP22 + LAN8720) you can use better and faster native SSL of ESP32.

You also can post question and ask for help at EthernetENC and/or OPEnSLab-OSU SSLClient

[marcelstoer]

Thanks! I updated the question while you were writing your answer.

Also, I found out I can manually edit https://github.com/khoih-prog/EthernetWebServer_SSL/blob/main/src/SSLClient/SSLClient.h#L520 and set unsigned char m_iobuf[18432];. While that fixes the problem, it doesn't feel correct. No API for that setting?

[khoih-prog]

I guess I came across similar issue some long time ago and had to increase the buffer size. Don't remember anything now !!!

If useful and popular, I can write new SSL init function to permit configurable buffer size. The worse issue is this enhancement can create issue for boards with smaller size of memory, if you don't know what to do.