[ https://issues.apache.org/jira/browse/TS-3080?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14179861#comment-14179861 ]

Wei Sun commented on TS-3080:
-----------------------------

I think this is good work for improving the OpenSSL built-in session cache.
To add to [~bcall]'s comment #4, we built an SSL Session Reuse (including 
session ticket and session ID) system that has been running on edge servers for 
several months. A few pieces of the work include:
1. Rewrote the session ticket part to integrate with our internal key management 
in terms of security needs. It is able to rotate the keys periodically;
2. Built an external session cache based on mdbm+redis; it stores 8 million+ 
encrypted entries that are shared across multiple hosts in a production cluster 
(without server side latency penalty). We turned off the OpenSSL internal cache 
and didn't run into the {{SSL_CTX_flush_sessions}} issue, since the API seems to 
only check sessions stored in the internal cache;
3. The system can be integrated with other frameworks.

We also plan to get rid of some internal key-related stuff and contribute the 
library (along with an ATS plugin) if someone is interested.

> OpenSSL implementation of TLS session cache is very slow.
> ---------------------------------------------------------
>
>                 Key: TS-3080
>                 URL: https://issues.apache.org/jira/browse/TS-3080
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Core, SSL
>            Reporter: Brian Geffon
>            Assignee: Brian Geffon
>             Fix For: 5.2.0
>
>
> The OpenSSL implementation of TLS session caching is very slow, we attempted 
> to use it and it's locking and blows up at only a few hundred QPS. I'm going 
> to develop a new TLS session cache in TS that is more performant under 
> high load.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
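
The periodic ticket key rotation mentioned in item 1 of the comment can be modelled as a small key ring. This is an added example, not code from the commenter's system or from Traffic Server; all names (`ticket_key`, `key_ring`, `ring_rotate`, `ring_lookup`, `sample_key`) are hypothetical, and the 0/1/2 return values are chosen to match the decrypt-side convention of OpenSSL's ticket key callback.

```c
#include <stdint.h>
#include <string.h>

#define KEY_NAME_LEN 16
#define RING_SLOTS   3   /* issuing key + 2 retired keys still accepted */

struct ticket_key {
    uint8_t name[KEY_NAME_LEN];  /* public label carried in each ticket */
    uint8_t aes_key[32];
    uint8_t hmac_key[32];
    int     valid;
};

/* An empty ring must be zero-initialised. slot[0] issues new tickets. */
struct key_ring {
    struct ticket_key slot[RING_SLOTS];
};

/* Constructed sample key: every byte is `tag`. Real key material would
 * come from the key management service and a CSPRNG (assumption). */
struct ticket_key sample_key(uint8_t tag)
{
    struct ticket_key k;
    memset(&k, tag, sizeof k);
    k.valid = 1;
    return k;
}

/* Install a new issuing key; older keys shift down, the oldest is dropped. */
void ring_rotate(struct key_ring *r, const struct ticket_key *fresh)
{
    memmove(&r->slot[1], &r->slot[0], sizeof(r->slot[0]) * (RING_SLOTS - 1));
    r->slot[0] = *fresh;
    r->slot[0].valid = 1;
}

/* Decrypt-side lookup by key name (the name is public, so memcmp is fine).
 * Returns 1 for the issuing key, 2 for a retired key (accept the ticket and
 * reissue it under the issuing key), 0 for an unknown key (full handshake). */
int ring_lookup(const struct key_ring *r, const uint8_t *name,
                const struct ticket_key **out)
{
    for (int i = 0; i < RING_SLOTS; i++) {
        if (r->slot[i].valid &&
            memcmp(r->slot[i].name, name, KEY_NAME_LEN) == 0) {
            *out = &r->slot[i];
            return i == 0 ? 1 : 2;
        }
    }
    *out = NULL;
    return 0;
}
```

With `RING_SLOTS` set to 3, a ticket stays resumable for two rotation periods after its key stops issuing, so the rotation interval and the ticket lifetime hint have to be chosen together.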
