[erlang-questions] Memory leak in SSL

Danil Zagoskin <>
Mon Aug 21 13:36:05 CEST 2017


Hi Ingela!

We've hit presumably the same bug on OTP 20.
That's what I found:
  1. This patch
https://github.com/erlang/otp/commit/256e01ce80b3aadd63f303b9bda5722ad313220f
     -- we start invalidation only on Size == Max
  2. ()33>
(sys:get_state(ssl_manager))#state.session_cache_server_max.
     > 1000
  3. ()37> redbug:start("ssl_session_cache:size/1 ->
return", [{msgs, 2}]).
     ...
     ssl_session_cache:size/1 -> 8610379

Seems like on high load if we accept some new sessions while
session_validation does its job, cache size limiting stops working.

On Tue, Aug 8, 2017 at 4:55 PM, Ingela Andin <> wrote:

> Hi!
>
> Depending on the version of the ssl application you may also set these
> values. I guess you have an older version as they default to 1000.
>
> From doc:
>
> *"session_cache_client_max = integer() <optional>*
>
> Limits the growth of the clients session cache, that is how many sessions
> towards servers that are cached to be used by new client connections. If
> the maximum number of sessions is reached, the current cache entries will
> be invalidated regardless of their remaining lifetime. Defaults to 1000.
> * session_cache_server_max = integer() <optional>*
>
> Limits the growth of the servers session cache, that is how many client
> sessions are cached by the server. If the maximum number of sessions is
> reached, the current cache entries will be invalidated regardless of their
> remaining lifetime. Defaults to 1000."
>
>
> Regards Ingela Erlang/OTP Team - Ericsson AB
>
>
>
>
> 2017-08-08 11:25 GMT+02:00 Dmitry Kolesnikov <>:
>
>> Hello,
>>
>> Have you tried to disable reuse of ssl sessions?
>> {ssl_options, [{reuse_sessions, false}]}
>>
>> And reduce the session time
>> -ssl session_lifetime 120
>>
>> Best Regards,
>> Dmitry
>>
>> > On 8 Aug 2017, at 11.59, Max Treskin <> wrote:
>> >
>> > Hello,
>> >
>> > I have two different HTTPS-servers (different purposes, code, etc)
>> built on top of cowboy/ranch, and both have memory leaks.
>> > ETS table server_ssl_otp_session_cache has millions of records just
>> after hours of work and consumes gigabytes of RAM.
>> > What should I do to eliminate this? Is it bug or intended behaviour?
>> >
>> > Thanks
>> >
>> >
>> > _______________________________________________
>> > erlang-questions mailing list
>> > 
>> > http://erlang.org/mailman/listinfo/erlang-questions
>>
>> _______________________________________________
>> erlang-questions mailing list
>> 
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>
>
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions
>
>


-- 
Danil Zagoskin | 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20170821/80afaf92/attachment.html>


More information about the erlang-questions mailing list