We are tracking a memory leak issue on ssl_multicert.config reload. But
I'm not aware of substantial memory leak for SSL traffic passing through.
Are you running in forward proxy or reverse proxy? Are you running in
transparent mode?
Operating with SSL will use more memory than straight HTTP over TCP. Is
it possible that your steady state memory usage has increased over the
TCP case?
On 5/17/2015 9:01 AM, Esmq wrote:
hi,all
i have encounter seriously memory leak problem related to ats.
########################################################
after testing for several times, it is confirmed that the problem is
caused by *ssl termination.*
the following testing i haved done:
1) runing ats on several servers with same hardware/software
configuration.
2) when configure some ats for ssl termination, these servers have
memory leak...
3) when disabled ssl termination, the problem gone.
4) the ssl requests rate is about 100-200 requests/second
5)*ats that enabled ssl termination increased memory usage continually
(increase 10MB in 1 minutes)*
6) the problem not fixed in v5.3.0
########################################################
my system env and configuration is :
#######################################################
runing ats on debian7 64bit system(3.2.0-4-amd64), compile the ats
with following paramters:
./configure --prefix=/usr/local/trafficserver-5.3.0 --enable-spdy
--with-user=trafficserver --with-group=trafficserver
--sysconfdir=/home/trafficserver/etc --enable-experimental-plugins
--enable-reclaimable-freelist --enable-hwloc
#######################################################
and the ssl related configuration is :
CONFIG proxy.config.http.server_ports STRING 80:proto=spdy;http
443:proto=spdy;http:ssl
CONFIG proxy.config.ssl.number.threads INT 0
CONFIG proxy.config.ssl.SSLv2 INT 0
CONFIG proxy.config.ssl.SSLv3 INT 1
CONFIG proxy.config.ssl.TLSv1 INT 1
CONFIG proxy.config.ssl.server.cipher_suite STRING
RC4-SHA:AES128-SHA:DES-CBC3-SHA:AES256-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL
CONFIG proxy.config.ssl.server.honor_cipher_order INT 1
CONFIG proxy.config.ssl.compression INT 0
CONFIG proxy.config.ssl.client.certification_level INT 0
CONFIG proxy.config.ssl.server.cert_chain.filename STRING NULL
CONFIG proxy.config.ssl.server.cert.path STRING /home/trafficserver/etc
CONFIG proxy.config.ssl.server.private_key.path STRING
/home/trafficserver/etc
CONFIG proxy.config.ssl.CA.cert.filename STRING NULL
CONFIG proxy.config.ssl.CA.cert.path STRING /home/trafficserver/etc
CONFIG proxy.config.ssl.client.verify.server INT 0
CONFIG proxy.config.ssl.client.cert.filename STRING NULL
CONFIG proxy.config.ssl.client.cert.path STRING /home/trafficserver/etc
CONFIG proxy.config.ssl.client.private_key.filename STRING NULL
CONFIG proxy.config.ssl.client.private_key.path STRING
/home/trafficserver/etc
CONFIG proxy.config.ssl.client.CA.cert.filename STRING NULL
CONFIG proxy.config.ssl.client.CA.cert.path STRING /home/trafficserver/etc
CONFIG proxy.config.ssl.hsts_max_age INT -1
CONFIG proxy.config.ssl.hsts_include_subdomains INT 0
#######################################################
ssl_multicert.config:
ssl_cert_name=ssl/mdc.test.com.crt ssl_key_name=ssl/mdc.test.com.key
ssl_cert_name=ssl/daily.test.com.crt ssl_key_name=ssl/daily.test.com.key
dest_ip=* ssl_cert_name=ssl/sslbbs.example.com.ee.crt
ssl_key_name=ssl/sslbbs.example.com.nopass.key
#########################################
is there any configuration that can relieve the memory leak ?
does anyone have the suggestion?
