[erlang-questions] Memory leak in SSL

Danil Zagoskin <>
Tue Aug 22 12:50:14 CEST 2017


> Would it work for you if the test was changed to Size >= Max ?

Yes. Yesterday I hot-loaded ssl_manager on affected system. Cache size
slowly decreased to 1000 and stays in a range of 200-1100.

On Mon, Aug 21, 2017 at 4:23 PM, Ingela Andin <>
wrote:

> Hi!
>
> 2017-08-21 13:36 GMT+02:00 Danil Zagoskin <>:
>
>> Hi Ingela!
>>
>> We've hit presumably the same bug on OTP 20.
>> That's what I found:
>>   1. This patch https://github.com/erlang/otp/
>> commit/256e01ce80b3aadd63f303b9bda5722ad313220f
>>      -- we start invalidation only on Size == Max
>>   2. ()33> (sys:get_state(ssl_manager))#s
>> tate.session_cache_server_max.
>>      > 1000
>>   3. ()37> redbug:start("ssl_session_cache:size/1 ->
>> return", [{msgs, 2}]).
>>      ...
>>      ssl_session_cache:size/1 -> 8610379
>>
>> Seems like on high load if we accept some new sessions while
>> session_validation does its job, cache size limiting stops working.
>>
>>
> Humm... maybe something was changed, that changed the criteria breaking
> the  assumption, let me ponder that some more.
> Would it work for you if the test was changed to Size >= Max ?
>
> Regards Ingela Erlang/OTP Team - Ericsson AB
>
>
>
>> On Tue, Aug 8, 2017 at 4:55 PM, Ingela Andin <>
>> wrote:
>>
>>> Hi!
>>>
>>> Depending on the version of the ssl application you may also set these
>>> values. I guess you have an older version as they default to 1000.
>>>
>>> From doc:
>>>
>>> *"session_cache_client_max = integer() <optional>*
>>>
>>> Limits the growth of the clients session cache, that is how many
>>> sessions towards servers that are cached to be used by new client
>>> connections. If the maximum number of sessions is reached, the current
>>> cache entries will be invalidated regardless of their remaining lifetime.
>>> Defaults to 1000.
>>> * session_cache_server_max = integer() <optional>*
>>>
>>> Limits the growth of the servers session cache, that is how many client
>>> sessions are cached by the server. If the maximum number of sessions is
>>> reached, the current cache entries will be invalidated regardless of their
>>> remaining lifetime. Defaults to 1000."
>>>
>>>
>>> Regards Ingela Erlang/OTP Team - Ericsson AB
>>>
>>>
>>>
>>>
>>> 2017-08-08 11:25 GMT+02:00 Dmitry Kolesnikov <>:
>>>
>>>> Hello,
>>>>
>>>> Have you tried to disable reuse of ssl sessions?
>>>> {ssl_options, [{reuse_sessions, false}]}
>>>>
>>>> And reduce the session time
>>>> -ssl session_lifetime 120
>>>>
>>>> Best Regards,
>>>> Dmitry
>>>>
>>>> > On 8 Aug 2017, at 11.59, Max Treskin <> wrote:
>>>> >
>>>> > Hello,
>>>> >
>>>> > I have two different HTTPS-servers (different purposes, code, etc)
>>>> built on top of cowboy/ranch, and both have memory leaks.
>>>> > ETS table server_ssl_otp_session_cache has millions of records just
>>>> after hours of work and consumes gigabytes of RAM.
>>>> > What should I do to eliminate this? Is it bug or intended behaviour?
>>>> >
>>>> > Thanks
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > erlang-questions mailing list
>>>> > 
>>>> > http://erlang.org/mailman/listinfo/erlang-questions
>>>>
>>>> _______________________________________________
>>>> erlang-questions mailing list
>>>> 
>>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>>
>>>
>>>
>>> _______________________________________________
>>> erlang-questions mailing list
>>> 
>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>
>>>
>>
>>
>> --
>> Danil Zagoskin | 
>>
>
>


-- 
Danil Zagoskin | 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20170822/db3e2f8b/attachment.html>


More information about the erlang-questions mailing list