All geek questions in one place

Openssl: reduced memory usage

Good afternoon. We have a server written in C ++ that accepts many SSL / TLS connections; we use boost :: asio (therefore backend openssl ) to install SSL.

The memory server uses about 160-200 KB of memory for each connection, and we want to reduce this usage. boost :: asio uses the SSL_MODE_RELEASE_BUFFERS flag by default, so the basic optimization is already done .. Playback with ctx->freelist_max_len doesn't seem to change anything.

How can I do that? Maybe we have an additional "secret setup"? Perhaps we can safely disable some encryption algorithms to reduce memory?

+6
source share
1 answer

When I looked at the same thing, I was profiling my application using an array when 1000 clients were connected.

  • Test 1: without using SSL. Peak Memory Usage - 2.871 MB.
  • Test 2: with SSL settings by default. Peak memory 617.3 MB.
  • Test 3: With SSL disabled. Peak memory 41.93 MB.
  • Test 4: Modified test 3 with SSL_MODE_RELEASE_BUFFERS enabled. Peak memory 11.49 MB.

This goes up to 11.5 kilobytes per connection, although of course it will be different in your application.

You are already using SSL_MODE_RELEASE_BUFFERS, but you may also consider disabling compression. Disabling compression can be achieved using the following. This requires openssl> = 1.0.

SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION | <other options>);

or

SSL_set_options(ssl, SSL_OP_NO_COMPRESSION | <other options>);

+7
source

Source: https://habr.com/ru/post/954394/

More articles:


All Articles