6

Good day. We have a server written on C++ that accept many SSL/TLS connections; we are using boost::asio (so backend is openssl) to establish SSL.

At the mement server is using about 160-200kbytes of memory per connection and we want to reduce this usage. boost::asio is using SSL_MODE_RELEASE_BUFFERS flag by default, so basic optimisation is already done.. Playing with ctx->freelist_max_len seems changes nothing.

How this can be done? Maybe we there is a additional "secret setting"? Probably we can safely disable some encryption algorithms to reduce memory consuption?

4

1 回答 1

8

当我查看同一件事时,我在连接了 1000 个客户端时使用 massif 分析了我的应用程序。

  • 测试 1:不使用 SSL。峰值内存使用量达到 2.871MB。
  • 测试 2:使用 SSL,默认设置。峰值内存为 617.3MB。
  • 测试 3:禁用 SSL 压缩。峰值内存 41.93MB。
  • 测试 4:修改了测试 3,同时启用了 SSL_MODE_RELEASE_BUFFERS。峰值内存为 11.49MB。

每个连接的大小会降至 11.5kB,当然这在您的应用程序中会有所不同。

您已经在使用 SSL_MODE_RELEASE_BUFFERS 但您也可以考虑禁用压缩。可以通过以下方式禁用压缩。它需要 openssl >= 1.0。

SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION | <other options>);

或者

SSL_set_options(ssl, SSL_OP_NO_COMPRESSION | <other options>);

于 2013-10-10T11:26:36.947 回答