On Mon, Mar 21, 2005, Victor Duchovni wrote:

> 
> In my server cache I have: 1900 entries occupying 2.4MBytes (in a btree
> totaling 7MB on disk) with an average size of 1300 bytes per entry
> (key + value). 977 of these entries are a mere 327 bytes long (no client
> cert), the rest of the sessions are 2.4k in average size and occupy 90%
> of the space. The vast majority of the client certs are unverified
> and waste space. Reducing resource requirements makes a server more
> DoS resistant. I think the feature I am looking for, a function that
> clears and frees the peer certificate from a session, is cheap enough
> to warrant implementation.
> 

I'm curious as to what purpose these unverified certificates serve? If they
aren't used in any way why are they requested in the first place?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
