SSL Memory Usage and Fragmentation

Igor Sysoev is at
Wed Dec 26 23:21:20 MSK 2007

On Wed, Dec 26, 2007 at 01:49:52PM -0500, Ben Maurer wrote:

> Hi,
> Igor Sysoev wrote:
> >On Wed, Dec 26, 2007 at 12:34:39PM -0500, Ben Maurer wrote:
> >>It seems like it might be worth switching to something like the shared 
> >>memory cache by default. Keeping the long-lived session cache in a 
> >>different pool of memory avoids the risk of large amounts of memory 
> >>getting pinned in.
> >
> >Well, I will make shared session cache by default. It seems it's quite
> >stable. Other possible drawback of builtin cache as I think: it uses
> >a hash to store sessions and cache cleaning may take a long time.
> It might be worth having an option to disable the cache completely -- 
> right now all you can do is have a very small builtin cache. I have a 
> configuration where caching is pretty rare (in most cases, we only serve 
> 2 http requests to a user over a single keepalive connection).

Well, I have added

      ssl_session_cache  off;

and made it by default, as Apache mod_ssl does.

Igor Sysoev

More information about the nginx mailing list