On Thu, 19 Feb 2026 at 16:42, Robert Relyea <[email protected]> wrote: > > > The code is also churning through a lot of temp symkeys, I wonder if > > it hits the 800 limit. > > The 800 is how many keys stay on the free list before NSS starts freeing > the keys. It would take quite a feat to hit that limit. You need to > create over 800 symkeys and then free them all to hit the limit. Doing > 800 cycles is unlikely to hit the limit if you are just creating a > freeing the keys as you go, you just keep reusing that key structure.
Um, yes. I realised after posting; I had it 180 out. A growing backlog of incomplete DH negotiations (waiting on peer) would keep the free list empty, causing new keys to be allocated. I don't expect this to be the problem, but with max=0, I'll soon find out. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/CAJeAr6tepm2aD%3D1irCOQqzkOe7-kuUxQzZhp%3DLH_W6scdF-_Yg%40mail.gmail.com.
