Updated Branches:
  refs/heads/master 42fc0106c -> 642d2f2c3

TS-2413: release memory for idle SSL connections

OpenSSL tends to allocate about 50KB of memory for each connection.
Setting flag: "SSL_MODE_RELEASE_BUFFERS" can save around 34K per
idle SSL connection. This flag has no effect on SSL v2 connections,
or on DTLS connections.

ref: http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/642d2f2c
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/642d2f2c
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/642d2f2c

Branch: refs/heads/master
Commit: 642d2f2c3b592eea3825ef80fe938695c1ea4bcf
Parents: 42fc010
Author: Wei Sun <sun...@yahoo-inc.com>
Authored: Tue Dec 3 09:28:56 2013 -0800
Committer: James Peach <jpe...@apache.org>
Committed: Tue Dec 3 09:28:56 2013 -0800

----------------------------------------------------------------------
 CHANGES                | 3 +++
 iocore/net/SSLUtils.cc | 3 +++
 2 files changed, 6 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/642d2f2c/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 7615363..fa8bb06 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 Changes with Apache Traffic Server 4.2.0
 
 
+  *) [TS-2413] Release memory for idle SSL connections.
+   Author: Wei Sun <sun...@yahoo-inc.com>
+
   *) [TS-2365] Configure the maximum TLS record size.
    Author: Wei Sun <sun...@yahoo-inc.com>
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/642d2f2c/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 8c4b888..19f65b6 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -313,6 +313,9 @@ SSLInitServerContext(
     break;
   }
 
+#ifdef SSL_MODE_RELEASE_BUFFERS
+  SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
   SSL_CTX_set_quiet_shutdown(ctx, 1);
 
   // XXX OpenSSL recommends that we should use 
SSL_CTX_use_certificate_chain_file() here. That API
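
Review bot: The added `SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);` in SSLInitServerContext applies to every server context, with no configuration option to turn it off and no comment saying why it is there. Releasing the buffers on idle connections means they have to be allocated again when a connection becomes active, so this trades allocator work for memory on all deployments at once. Consider gating it behind a configuration setting, or at least add a one-line comment above the `#ifdef` stating the intent (release per-connection buffers while idle, TS-2413). Also, when the macro is undefined the `#ifdef` drops the call silently, so builds against an OpenSSL without the flag will not see the saving described in the commit message. A comment or a debug log noting that would help anyone comparing per-connection memory between builds.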
