[erlang-questions] Memory leak in SSL

Ingela Andin <>
Mon Aug 21 15:23:58 CEST 2017


Hi!

2017-08-21 13:36 GMT+02:00 Danil Zagoskin <>:

> Hi Ingela!
>
> We've hit presumably the same bug on OTP 20.
> That's what I found:
>   1. This patch https://github.com/erlang/otp/commit/
> 256e01ce80b3aadd63f303b9bda5722ad313220f
>      -- we start invalidation only on Size == Max
>   2. ()33> (sys:get_state(ssl_manager))#
> state.session_cache_server_max.
>      > 1000
>   3. ()37> redbug:start("ssl_session_cache:size/1 ->
> return", [{msgs, 2}]).
>      ...
>      ssl_session_cache:size/1 -> 8610379
>
> Seems like on high load if we accept some new sessions while
> session_validation does its job, cache size limiting stops working.
>
>
Humm... maybe something was changed, that changed the criteria breaking
the  assumption, let me ponder that some more.
Would it work for you if the test was changed to Size >= Max ?

Regards Ingela Erlang/OTP Team - Ericsson AB



> On Tue, Aug 8, 2017 at 4:55 PM, Ingela Andin <>
> wrote:
>
>> Hi!
>>
>> Depending on the version of the ssl application you may also set these
>> values. I guess you have an older version as they default to 1000.
>>
>> From doc:
>>
>> *"session_cache_client_max = integer() <optional>*
>>
>> Limits the growth of the clients session cache, that is how many sessions
>> towards servers that are cached to be used by new client connections. If
>> the maximum number of sessions is reached, the current cache entries will
>> be invalidated regardless of their remaining lifetime. Defaults to 1000.
>> * session_cache_server_max = integer() <optional>*
>>
>> Limits the growth of the servers session cache, that is how many client
>> sessions are cached by the server. If the maximum number of sessions is
>> reached, the current cache entries will be invalidated regardless of their
>> remaining lifetime. Defaults to 1000."
>>
>>
>> Regards Ingela Erlang/OTP Team - Ericsson AB
>>
>>
>>
>>
>> 2017-08-08 11:25 GMT+02:00 Dmitry Kolesnikov <>:
>>
>>> Hello,
>>>
>>> Have you tried to disable reuse of ssl sessions?
>>> {ssl_options, [{reuse_sessions, false}]}
>>>
>>> And reduce the session time
>>> -ssl session_lifetime 120
>>>
>>> Best Regards,
>>> Dmitry
>>>
>>> > On 8 Aug 2017, at 11.59, Max Treskin <> wrote:
>>> >
>>> > Hello,
>>> >
>>> > I have two different HTTPS-servers (different purposes, code, etc)
>>> built on top of cowboy/ranch, and both have memory leaks.
>>> > ETS table server_ssl_otp_session_cache has millions of records just
>>> after hours of work and consumes gigabytes of RAM.
>>> > What should I do to eliminate this? Is it bug or intended behaviour?
>>> >
>>> > Thanks
>>> >
>>> >
>>> > _______________________________________________
>>> > erlang-questions mailing list
>>> > 
>>> > http://erlang.org/mailman/listinfo/erlang-questions
>>>
>>> _______________________________________________
>>> erlang-questions mailing list
>>> 
>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>
>>
>>
>> _______________________________________________
>> erlang-questions mailing list
>> 
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>>
>
>
> --
> Danil Zagoskin | 
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20170821/e010a516/attachment.html>


More information about the erlang-questions mailing list