AWS IoT with mesh boards

I have tried and given up using the Photon with AWS IoT or Azure IoT, as the TLS library is limited by the available RAM.

I am excited that the new Particle Mesh boards have more RAM, which should make this possible now (I have actually got an FRDM-K64F board to connect via MBED using a similar amount of RAM).

Does anyone have a new mesh board, and has experimented with this?

Nothing bad about getting more RAM! But did you try with MBEDTLS 2.12? It allows you to change the input and output buffer sizes. I run an AWS IoT connection with 8k and 2k in/out buffers on a P1 and a continuously computed FFT. It's a bit tight but it works.

That is great to hear! If it's not sensitive, would you please be able to share the relevant code?

@grillo, do understand that the P1 uses a Cypress/Broadcom stack, which is different from the stack used in the mesh devices' nRF52840. In another post, @rickkas7 has already indicated that TCP is not supported on the mesh devices. The gateways support CoAP communications to the Particle Cloud and it may be possible to do TLS on the gateway devices, but without access to the source code it is too early to tell. It is important to note, however, that intra-mesh communications are encrypted.

@peekay123 Oh hang on, I did read that post from @rickkas7 but probably didn't grasp its message; so am I correct in saying that the mesh devices cannot connect to e.g. AWS IoT services as TLS is not supported/cannot be supported? Would be good to get some clarity on this.

@grillo It is a bit more than "sharing relevant code". I use @hirotakaster's excellent mqtt-tls library, which comes bundled with mbedtls 2.07. The latest version of mbedtls can be obtained from here: https://github.com/ARMmbed/mbedtls. Upgrading mbedtls from mqtt-tls isn't too difficult; the files are organized a bit differently, but you shouldn't have a hard time with that.

The important bit is mbedtls's config.h, where all the customization of mbedtls happens. Compare the 2.07 and 2.12 config.h files and you'll see what is needed for mqtt-tls. Then find the definitions for MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN and set them appropriately. I set mine to 4096 and 2048; in 2.07 I believe these were always 8K (or 16K, not sure).

If you connect to AWS only, you may make the config.h a bit skinnier than mqtt-tls is suggesting and turn off services/encryptions that aren't used, to save FLASH space. I simply went down the list in config.h, turned off anything I suspected was not needed and tried to connect to AWS - not very scientific, I admit, but hey...

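To make the two posts above concrete, here is what a trimmed mbedtls config.h for an AWS-IoT-only MQTT-over-TLS client can look like: TLS 1.2 with mutual X.509 authentication, a single ECDHE-ECDSA/P-256/AES-128-GCM cipher suite, and the asymmetric in/out record buffers set to the sizes reported above. This is an added example, not code from the thread, from mqtt-tls or from mbedtls; the chosen option set is an assumption about what AWS IoT needs and should be checked against your endpoint.

```c
/* Trimmed mbedtls config.h (2.12-style) for an MQTT-over-TLS client that only
 * talks to AWS IoT. Added example, not the thread's or mqtt-tls's own file. */
#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H

/* Platform, entropy and DRBG: the board's hardware RNG is registered at runtime
 * with mbedtls_entropy_add_source(); no OS entropy source is assumed. */
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_CTR_DRBG_C

/* TLS 1.2 client only; SNI is required to reach an AWS IoT endpoint. */
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_PROTO_TLS1_2
#define MBEDTLS_SSL_SERVER_NAME_INDICATION
/* Lets the client advertise a smaller record size; a server that honours the
 * extension keeps its records within the input buffer defined below. */
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH

/* One key exchange and one cipher suite: ECDHE-ECDSA, P-256, AES-128-GCM, SHA-256.
 * Everything else (RSA, CBC suites, other curves, TLS 1.0/1.1) stays off. */
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_AES_C
#define MBEDTLS_GCM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_MD_C
#define MBEDTLS_SHA256_C

/* X.509/PEM parsing for the Amazon root CA, the device certificate and its key.
 * Keep these: dropping certificate parsing would remove server verification. */
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_OID_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_BASE64_C

/* The RAM knobs from the post above: separate input and output record buffers
 * (older releases used one MBEDTLS_SSL_MAX_CONTENT_LEN for both directions). */
#define MBEDTLS_SSL_IN_CONTENT_LEN   4096
#define MBEDTLS_SSL_OUT_CONTENT_LEN  2048

/* mbedtls's stock config.h ends with #include "check_config.h", which flags
 * unmet dependencies between these options; keep that line in the real file. */
#endif /* MBEDTLS_CONFIG_H */
```

Server certificate verification is still a runtime choice (mbedtls_ssl_conf_authmode), so a slimmer config.h does not by itself relax it; make sure the client keeps MBEDTLS_SSL_VERIFY_REQUIRED.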

@joost, the message I took away from @rickkas7’s post is that the mesh network does not support TCP but it seems it will support UDP. However, nothing was said about the gateway devices not supporting TCP and it is possible that HTTPS/TLS is supported by the nRF stack or the Particle DeviceOS. If not, it may support it as a user library. This, I do not currently know. Perhaps @rickkas7 can shed some light.


@peekay123 Thanks, got it. No TCP out of the box causes a bit of a ripple when using MBEDTLS - I've played with DTLS (the UDP version of TLS) before but wasn't too successful. Time for a more serious attempt, I guess.

@joost, you have to consider two transports here. The mesh transport sits on OpenThread and Particle's stack, while the gateways also support outward-looking transports like TCP and UDP. Running DTLS over or next to Thread may be difficult. Some answers will come when the firmware repo is opened up and documentation becomes available.


Ah yes, looking forward to that! Without (D)TLS there is no connection to AWS/Google/Azure, and without those no MQTT, i.e. no IoT (really)...
