[nginx] SSL: updated comment about session sizes.

[Sergey Kandaurov]

details:   https://hg.nginx.org/nginx/rev/fa4b4f38da4a
branches:  
changeset: 8076:fa4b4f38da4a
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Wed Oct 12 20:14:37 2022 +0300
description:
SSL: updated comment about session sizes.

Previous numbers are somewhat outdated, typical ASN1 representations of
sessions are slightly bigger now.

diffstat:

 src/event/ngx_event_openssl.c |  12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diffs (26 lines):

diff -r 38c71f9b2293 -r fa4b4f38da4a src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c	Wed Oct 12 20:14:36 2022 +0300
+++ b/src/event/ngx_event_openssl.c	Wed Oct 12 20:14:37 2022 +0300
@@ -3790,16 +3790,16 @@ ngx_ssl_session_cache_init(ngx_shm_zone_
 
 /*
  * The length of the session id is 16 bytes for SSLv2 sessions and
- * between 1 and 32 bytes for SSLv3/TLSv1, typically 32 bytes.
- * It seems that the typical length of the external ASN1 representation
- * of a session is 118 or 119 bytes for SSLv3/TSLv1.
+ * between 1 and 32 bytes for SSLv3 and TLS, typically 32 bytes.
+ * Typical length of the external ASN1 representation of a session
+ * is about 150 bytes plus SNI server name.
  *
- * Thus on 32-bit platforms we allocate separately an rbtree node,
+ * On 32-bit platforms we allocate separately an rbtree node,
  * a session id, and an ASN1 representation, they take accordingly
- * 64, 32, and 128 bytes.
+ * 64, 32, and 256 bytes.
  *
  * On 64-bit platforms we allocate separately an rbtree node + session_id,
- * and an ASN1 representation, they take accordingly 128 and 128 bytes.
+ * and an ASN1 representation, they take accordingly 128 and 256 bytes.
  *
  * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow,
  * so they are outside the code locked by shared pool mutex