Digi Connect ME -S: Very long delay to server when using SSL encryption (Secure Sockets)

Hi,

I have a Digi Connect ME -S connected to a host processor. I use the TCP Sockets profile to communicate with the server (Automatically establish TCP connections is active, I connect when data is present on the serial line and Enable TCP Keep-Alive is disabled).
When I use Raw TCP as service on port 80 the Connect ME receives the reply from the server immediately as expected. When I switch to Secure Sockets on port 443 it takes 60s for the Connect ME to receive the reply.

When using my Digi XBee LTE-M/NB-IoT modem I receive the reply on the same server on port 443 over TLS immediately.

That’s why I guess that the Connect ME causes the 60s overhead.

Is it possible that I will have to change further parts of the configuration to speed the reply up, does it just take so long with the Connect ME or might there be something else wrong?

I appreciate any help or information.

BR
Max

Edit:
The response time seems to be 60s constant.
I am using a DC-ME4-01T-S-UPW with Firmware 2.26.1 (Version 82004424_C 10/05/2020) and POST 1.1.5 (release_82004423_A1).

Edit2:
I could have a look at the server log and I receive the reply very shortly after the server received it, so the delay happens on the way to the server.

Hello Rumo,

The DC-ME4-01T-S-UPW is running firmware with improved security and more secure SSH keys.
After a factory reset these keys need to be regenerated, which can take up to 40 minutes of runtime.
Any connection attempt before these 40 minutes might be refused or delayed.
Please make sure your Connect ME was once running around 40 minutes powered on without being interrupted. Typically this was already done at Digi, but when you perform a factory reset, the key generation is restarted.

Please also be aware that the DC-ME4-01T-S-UPW has an old NS7520 ARM7 processor running at 75 MHz with no numeric co-processor or MMU. All SSL calculations need to be done by the CPU, and depending on the key length this can take some time.

You can give it a try by downgrading to the older firmware https://ftp1.digi.com/support/firmware/82001120_M6.bin to see if this is faster. However, be aware that this firmware is vulnerable to Ripple20.

If with this trial the speed is better, you know it’s about SSL calculation which takes more time with the newer firmware. If it is still the same slow speed, you might want to upgrade again to the 82004424_C firmware (wait 40min) and try to play with the configuration settings to improve the response time. You might create a support ticket with Tech.Support@digi.com (providing your MAC address and date code from the module) if you can’t find better settings.

regards, Thomas.

Hello Thomas,

Thanks for your reply!

I am pretty sure the Connect ME was powered on for at least 40 minutes continuously after the last factory reset. To confirm this I am testing it right now.
If this does not fix the problem I will try it after downgrading the firmware and create a support ticket if this does not help either.

BR and thank you
Rumo

After contacting Digi tech support, I now know that my Connect ME is too old to properly encrypt my communication. Support gave me the hint that I could try the DC-ME-Y402-S-UPW, which has a faster processor and is pin compatible but is still too old to get support from Digi.