ESP8266WebServerSecure memory usage

I have recently been experimenting with ESP8266WebServer secure as I wanted to add SSL to my project. I am a little unsure as to how much memory should be allowed for the secure version of the Webserver to run. According to the Bear SSL documentation, this requires "approximately" 5.6kb stack space and another 22kb per session, which adds up to around 27-28kb.

After I had added SSL to my project, memory usage was as follows:

Executable segment sizes:
IROM   : 417396          - code in flash         (default or ICACHE_FLASH_ATTR) 
IRAM   : 28660   / 32768 - code in IRAM          (ICACHE_RAM_ATTR, ISRs...) 
DATA   : 1280  )         - initialized variables (global, static) in RAM/HEAP 
RODATA : 19920 ) / 81920 - constants             (global, static) in RAM/HEAP 
BSS    : 29456 )         - zeroed variables      (global, static) in RAM/HEAP 
Sketch uses 467256 bytes (48%) of program storage space. Maximum is 958448 bytes.
Global variables use 50656 bytes (61%) of dynamic memory, leaving 31264 bytes for local variables. Maximum is 81920 bytes.

Bear SSL documentation I found here:
https://arduino-esp8266.readthedocs.io/en/latest/esp8266wifi/bearssl-client-secure-class.html

Theoretically, there appeared to be just about enough free space with a little headroom, yet when I uploaded the sketch an tried to connect with a browser, I ran into an Out Of Memory (OOM) error as shown with debug on in Serial Monitor. Following online tutorials I had initially used an embedded approach to store the web pages but over time they had proliferated and dynamic memory usage rose as a result. Fortunately I discovered a relatively easy way to the HTTP content to progmem using a static const char pagename[] PROGMEM = R"EOF()EOF; structure for each page. Initially I was able to reduce dynamic memory usage by 5kb and again by another 5kb, but this made no difference and the OOM error persisted. The webserver started working only when I had moved almost all the HTTP content to PROGMEM and reduced the dynamic memory footprint down to something like 42%, at which point I was finally able to establish an SSL connection. JavaScript and CSS content still seemed to be disabled (which is another matter to be resolved) but at least now I could browse the device over HTTPS.

The memory footprint is now:

Executable segment sizes:
IROM   : 435300          - code in flash         (default or ICACHE_FLASH_ATTR) 
IRAM   : 28660   / 32768 - code in IRAM          (ICACHE_RAM_ATTR, ISRs...) 
DATA   : 1280  )         - initialized variables (global, static) in RAM/HEAP 
RODATA : 2624  ) / 81920 - constants             (global, static) in RAM/HEAP 
BSS    : 29456 )         - zeroed variables      (global, static) in RAM/HEAP 
Sketch uses 467864 bytes (48%) of program storage space. Maximum is 958448 bytes.
Global variables use 33360 bytes (40%) of dynamic memory, leaving 48560 bytes for local variables. Maximum is 81920 bytes.

In due course I will probably want to convert my existing solution to using spiffs instead (still on my to-do list), but what this is leading up to is that memory usage does seems to be far in excess of what appears to be stated in the manual? It is undoubtedly an amazing achievement to get an SSL webserver running on a Microcontroller in so little memory space, but is there any way to more accurately determine exactly what memory is being used or is this a matter of trial and error? In my case, evidently at least 45kb (or just about double the stated requirement) was being used and I would like to understand the reason for this.

Also, is there a difference between using ESP8266WebServerSecure and BearSSL::ESP8266WebServerSecure, and does this make a difference to memory usage? Are there other reasons for using one vs the other? As is evident from a comparison of HelloWebserverSecure.ino and HelloWebServerBearSSL.ino (which were brought to my attention courtesy of someone over on the ESP8266 IRC channel to whom I am very grateful) it seems there are subtle differences in the command-set, for example in the the way that the certificate and key is applied, a fact that I was only able to discern after comparing the two sketches. Prior to that, I had spent over 4 hours trying verious online examples without much success. I have to say though, that I found the documentation at arduino-esp8266.readthedocs.io to be excellent.

With that observation out of the way and my sketch now working, my next step would be to figure out how to switch between HTTP and HTTPS dynamically depending on user preferences, although from what I have discovered so far, it would seem likely that this will have to be a compile time choice only. In the meantime, if anyone has further detailed information regarding ESP8266WebserverSecure (Bear SSL or otherwise) memory use or can explain why the webserver in this instance appears to be using much more memory than expected this would be gratefully appreciated.

1 Like