Louis LeBlanc wrote:
> Just in case anyone is interested, I have come across a problem with
> the SSL session caching. Under heavy load, my app would dump core,
> sometimes the core exceeded 300MB (though a good part of this was
> memory allocated for application functionality). The problem
> disappeared when I turned off client side session caching.
> If anyone has experience with this, a quick rundown would be greatly
> appreciated.
I've seen this with an old stunnel client too. It did not attempt to
re-use client side sessions (this is not automatic), so every connect
resulted in a new session, and they were all put into the cache. This
cache can get pretty big under heavy load (if I remember correctly
only timed-out sessions are purged). All these new sessions also put
an extra crypto load on the server.
The current stunnel code (3.8p4) tries to re-use sessions, using
SSL_set_session (see ssl.c). It doesn't show the same problem, so you
might want to look at it to see if your application can use the same
technique.
Hope this helps.
Peter Wagemans
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
