Hello,
We're working on a server that will be used to serve a large number of
mostly-idle clients over SSL connections. As we are starting to test
our scalability, we are finding that the memory used by each SSL
connection is one of our limiting factors.
We are measuring about 10K per session when we use just TCP, and
closer to 50K when we use SSL over TCP. We are using SSL3.1/TLS1.0.
Both our TCP server and SSL/TCP server are implemented using
boost::asio.
Looking around at the problem, we found this change to OpenSSL in the
CVS repository:
http://cvs.openssl.org/chngview?cn=17238
We installed a copy of openssl-SNAP-20081210 (which includes this
change) to test with, and modified our code to set the
SSL_MODE_RELEASE_BUFFERS flag on the context. This appears to be
working as its supposed to: when I run everything under the debugger
and set a breakpoint on the call to OPENSSL_malloc in
freelist_extract, it gets called a few times, then is not called again
while I'm bringing up my test connections.
However, memory usage remains about the same; over 1K connections my
process goes from 10MB RAM to 48MB RAM, about 38KB/connection.
We're a bit stumped about what to do next. I was hoping somebody who
was more familiar with the OpenSSL code could suggest some other ways
we could reduce memory usage, or perhaps troubleshoot our use of
SSL_MODE_RELEASE_BUFFERS.
Thanks for any suggestions,
----Scott.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
