Topic: Minimal possible size of CYASSL client

Hi,

I am working on an embedded platform where memory is very limited. I would like to have wolfSSL running with the minimum possible size (say 50KB).

I do not mind even using TLSv1.1, but please list the macros to use while compiling to disable the features.

Any one cipher suite would be fine as I will be having my own server with the same capability of the client.

I do not know much about the hashes, ciphers, and keys. Please suggest the cipher suite which can generate the smallest footprint of wolfSSL.

Also, please tell me whether using PSK instead of RSA will save memory. If yes, how do I make a demo of a PSK+RC4+MD5 combination cipher suite?

Regards,
Hemanth


Re: Minimal possible size of CYASSL client

Hi Hemanth,

Using PSK will reduce the footprint size of the library significantly, but you'll need to have a framework in place to pre-distribute and manage the keys on your end devices. Our "LeanPSK" build is the smallest build we have done to date. Last time we compiled it on an optimized ARM compiler, it had a footprint of around 21kB. To compile the LeanPSK build using the ./configure system, you can use the "--enable-leanpsk" build option.

If you don't want to use PSK, some things which will reduce footprint of a normal RSA or ECC build include:

1)  Define NO_OLD_TLS - this will eliminate all protocol versions except TLS 1.2 and reduce the library size by a few kB.

2)  Define NO_SESSION_CACHE - this will disable the session cache (as long as you don't need it) and will reduce the library size by a few more kB.

3)  Disable unneeded algorithms and ciphers.  For example, you could disable 3DES by defining NO_DES3.

4)  If you only need to use ECC, you can compile out RSA by defining NO_RSA.  And, along these lines, you can define ECC_TIMING_RESISTANT, which cuts the heap usage in half and reduces the code size, but ECC operations are twice as slow.  Using ECC keys will save you memory, since ECC keys are much smaller than RSA keys at the same security level.

5)  If you are on an embedded platform which has hardware cryptography, this can reduce footprint size.  For example, AES has tables that take about 10kB, which are eliminated when offloaded into hardware.

Best Regards,
Chris
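
The PSK route in the reply above depends on each device supplying its pre-distributed key to the TLS stack. The following is an added example, not part of the reply and not wolfSSL's own code: a bounds-checked client PSK callback with the parameter list of the callback type accepted by wolfSSL_CTX_set_psk_client_callback(). The function name, identity string and key bytes are constructed placeholders, and the opaque WOLFSSL typedef stands in for the real header so the block compiles on its own.

```c
#include <string.h>

/* Opaque stand-in so this compiles without wolfSSL headers; in a real build
 * include <wolfssl/ssl.h> instead and drop this typedef. */
typedef struct WOLFSSL WOLFSSL;

/* Constructed placeholder identity and key (assumption for illustration).
 * A real device loads a unique per-device key from provisioned storage,
 * never a constant shared across a fleet. */
static const char          DEVICE_PSK_IDENTITY[] = "device-0001";
static const unsigned char DEVICE_PSK_KEY[16] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};

/* Hypothetical callback name. Returns the key length in bytes, or 0 to make
 * the handshake fail instead of continuing with bad key material. */
unsigned int device_psk_client_cb(WOLFSSL *ssl, const char *hint,
                                  char *identity, unsigned int id_max_len,
                                  unsigned char *key, unsigned int key_max_len)
{
    (void)ssl;
    (void)hint;   /* server hint unused: this device holds exactly one key */

    if (identity == NULL || key == NULL)
        return 0;

    /* Refuse rather than truncate: a cut-off identity or key would only
     * surface later as an opaque handshake failure. sizeof counts the NUL. */
    if (sizeof(DEVICE_PSK_IDENTITY) > id_max_len)
        return 0;
    if (sizeof(DEVICE_PSK_KEY) > key_max_len)
        return 0;

    memcpy(identity, DEVICE_PSK_IDENTITY, sizeof(DEVICE_PSK_IDENTITY));
    memcpy(key, DEVICE_PSK_KEY, sizeof(DEVICE_PSK_KEY));
    return (unsigned int)sizeof(DEVICE_PSK_KEY);
}
```

In a real client the callback is registered on the context with wolfSSL_CTX_set_psk_client_callback() before the connection is started.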