On Wed, Jul 28, 2004, Joseph Bruni wrote: > Hello all, > > I'm developing an application that is used as a messaging hub for > thousands of users. The idea was that the users would maintain their > SSL connections indefinitely because one would never know when a > message was to be delivered and the messages need to be sent in > near-real-time. > > So far, everything has been working great. I'm using POSIX threads and > non-blocking I/O. With around 1000 busy connections, the system works > flawlessly. Once I get to around 1040-1050 connections, my call to > SSL_read() just never returns and seems to be getting stuck in an > infinite loop. CPU utilization goes from a normal 2-3% up to over 170% > (dual CPU system). One of the things I still need to try is to cause a > core so that I can find out where it's actually hung up. > > I've done everything I'm supposed to with regards to registering the > mutex functions for threads and I never share a connection between > threads. A given connection is only ever managed by a single thread. > > I know the problem is not related to the number of file descriptors > since I've already moved those limits out with a call to setrlimit(). > > I'm using OpenSSL 0.9.7d on Mac OS X 10.3.4. The OpenSSL library was > compiled by me using the "shared" option rather than the library > supplied by Apple (to avoid the memory leaks present in 0.9.7c). > > Is there some sort of inherent limitation in the OpenSSL library with > regards to the number of simultaneous connections? > > Any advice on how to troubleshoot this would be appreciated. Tomorrow, > I'm planning on trying out the latest snapshot of 0.9.8 to see if I get > different behavior. Eventually, I'd like the system to handle around > 4000 simultaneous connections. >
There are no know limitations of that sort. Which leaves the possiblity of some that are unknown of course :-) I'm wondering if there could be issues with the session cache: from your description OpenSSL is being used as a server? Have you tried increasing the session cache size? Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
