SSL Memory Usage and Fragmentation

Ben Maurer bmaurer at
Wed Dec 26 21:49:52 MSK 2007


Igor Sysoev wrote:
> On Wed, Dec 26, 2007 at 12:34:39PM -0500, Ben Maurer wrote:
>> It seems like it might be worth switching to something like the shared 
>> memory cache by default. Keeping the long-lived session cache in a 
>> different pool of memory avoids the risk of large amounts of memory 
>> getting pinned in.
> Well, I will make shared session cache by default. It seems it's quite
> stable. Other possible drawback of builtin cache as I think: it uses
> a hash to store sessions and cache cleaning may take a long time.

It might be worth having an option to disable the cache completely -- 
right now all you can do is have a very small builtin cache. I have a 
configuration where caching is pretty rare (in most cases, we only serve 
2 http requests to a user over a single keepalive connection).

> As to OpenSSL it takes about 100K per connection.

That's worse than I thought...


More information about the nginx mailing list