On Thu, Sep 22, 2005, Marton Anka wrote:

> On 9/13/05, Martin Del Vecchio <[EMAIL PROTECTED]> wrote:
> >
> > My application needs to support a large number (thousands) of
> > connections, so this memory requirement is huge. And my application
> > doesn't need to send 16K messages; 4K would be more than enough.
> >
> 
> I wouldn't mind being able to reduce the size of the memory OpenSSL
> allocates for every connection either. It appears to be 2x16kbytes, with an
> extra 2x16k or so if you have the Microsoft big buffer flag turned on (which
> I presume should be on).
> 
> We too are handling a very large number of connections on an x32
> architecture. With Windows this pretty much means that your application is
> constrained to 3 gigs of available VM space - we get there with about 30,000
> connections. (We need some additional memory such as network recv/send
> buffers, etc.)
> 
> Moving to x64 would be a solution but having just recently invested in a
> bunch of Xeon servers this is not a step I'd take lightly. Any ideas on
> how to reduce the per-connection memory requirements?
> 

The cause is the maximum record size in the specifications: any compliant
client or server might send a record of maximum size, which would then reach
the requirements stated.

If the maximum record length is used, an implementation can't do much about
that because it has to check the entire record integrity before returning any
data to the application. Doing anything else would be a security hole.

There are some TLS extensions which allow the max record size to be specified
at handshake time *but* these aren't widely supported. OpenSSL doesn't
currently support TLS extensions though.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
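
An added illustration, not part of the original message and not OpenSSL code: a toy receiver showing why the read buffer must hold a whole maximum-size record before any byte reaches the application, and how a smaller agreed maximum shrinks that buffer. The record layout (2-byte length, payload, HMAC-SHA256 tag) and the names `seal` and `RecordReceiver` are assumptions made for the example, not the TLS wire format.

```python
import hashlib, hmac, struct

MAX_PLAINTEXT = 16384   # 2^14 bytes: the 16K record payload limit discussed above
TAG_LEN = 32            # HMAC-SHA256 tag length (MAC choice is an assumption)

def _mac(key, seq, hdr, payload):
    return hmac.new(key, struct.pack("!Q", seq) + hdr + payload, hashlib.sha256).digest()

def seal(key, seq, payload):
    """Build a toy record: length || payload || MAC(seq || length || payload)."""
    hdr = struct.pack("!H", len(payload))
    return hdr + payload + _mac(key, seq, hdr, payload)

class RecordReceiver:
    """Buffers one whole record; releases data only after the MAC verifies."""
    def __init__(self, key, max_fragment=MAX_PLAINTEXT):
        self.key, self.max_fragment, self.seq = key, max_fragment, 0
        self.buf = bytearray()

    def buffer_needed(self):
        # Worst case a compliant peer may send, so this much must be available.
        return 2 + self.max_fragment + TAG_LEN

    def feed(self, chunk):
        """Add bytes from the network; return the list of verified payloads."""
        self.buf += chunk
        out = []
        while len(self.buf) >= 2:
            (n,) = struct.unpack("!H", self.buf[:2])
            if n > self.max_fragment:
                raise ValueError("record_overflow")
            total = 2 + n + TAG_LEN
            if len(self.buf) < total:
                break                       # incomplete record: release nothing
            record = bytes(self.buf[:total])
            del self.buf[:total]
            payload, tag = record[2:2 + n], record[2 + n:]
            if not hmac.compare_digest(tag, _mac(self.key, self.seq, record[:2], payload)):
                raise ValueError("bad_record_mac")
            self.seq += 1
            out.append(payload)
        return out
```

With the default limit `buffer_needed()` is a little over 16K per direction; a receiver constructed with `max_fragment=4096` needs about a quarter of that, but only because it may reject anything larger, which requires the peer to have agreed to the limit at handshake time.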
