SSL Memory Usage and Fragmentation
bmaurer at andrew.cmu.edu
Wed Dec 26 21:49:52 MSK 2007
Igor Sysoev wrote:
> On Wed, Dec 26, 2007 at 12:34:39PM -0500, Ben Maurer wrote:
>> It seems like it might be worth switching to something like the shared
>> memory cache by default. Keeping the long-lived session cache in a
>> different pool of memory avoids the risk of large amounts of memory
>> getting pinned in.
> Well, I will make shared session cache by default. It seems it's quite
> stable. Other possible drawback of builtin cache as I think: it uses
> a hash to store sessions and cache cleaning may take a long time.
It might be worth having an option to disable the cache completely --
right now all you can do is have a very small builtin cache. I have a
configuration where caching is pretty rare (in most cases, we only serve
2 http requests to a user over a single keepalive connection).
> As to OpenSSL it takes about 100K per connection.
That's worse than I thought...
More information about the nginx