[
https://issues.apache.org/jira/browse/SSHD-846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16635405#comment-16635405
]
Robert Varga commented on SSHD-846:
-----------------------------------
[~lgoldstein] thanks for the patch, two comments:
# I think it is still useful to nullify KeyPairGenerators, as it allows them
to be freed while the key exchange is going on – it can take some time
# I am no expert on locking and codepaths, but it would seem that "kex = null"
should happen before kexState.set(KexState.DONE) – otherwise the guard via
compareAndSet() could be ineffective:
> ECDH/HDG kex retains KeyPairGenerator
> -------------------------------------
>
> Key: SSHD-846
> URL: https://issues.apache.org/jira/browse/SSHD-846
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 1.6.0, 1.7.0, 2.0.0
> Reporter: Robert Varga
> Assignee: Goldstein Lyor
> Priority: Major
>
> Analysis of a heap dump of running OpenDaylight with 10K concurrent NETCONF
> sessions over SSH transport shows that around 16% of the heap is used by
> Bouncy Castle's KeyPairGeneratorSpi$EC and related objects – accounting for
> ~26% of OpenDaylight's per-session memory overhead.
> These objects are retained by org.apache.sshd.common.kex.ECDH's myKpairGen
> field, which is never used once a keypair is generated.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
