[erlang-questions] ssl {reuse_sessions,false}

Ingela Andin ingela.andin@REDACTED
Fri Aug 23 14:52:48 CEST 2019


{reuse_sessions,false} just makes the current connection not use the
feature, but the information is
saved for possible other connections to use it, as it is configured per
connection and the ssl application cannot know
if it might need it later.

Since ssl-8.2.1 there should be a working limitation of the table, although
it is a soft limit due to current implementation trade-offs, and it will be
shrunk gradually. At a very high load it might shrink too slowly; the
workaround would be to have a callback for the session table that does not
save the information.

We have been thinking about changing the implementation, but TLS-1.3 has a new
mechanism, and there are also other mechanisms for TLS 1.2 that we have not
implemented, so it just has not landed in the best way forward yet.

Regards Ingela - Erlang/OTP Team - Ericsson AB

On Fri, 23 Aug 2019 at 14:18, Oliver Bollmann wrote:

> Hi,
> we have 5000 clients (third party) connecting every 25 seconds to our
> server over TLS 1.2,
> 24h later the table server_ssl_opt_session_cache has about 18 million
> objects and allocates 5GByte!
> If we use {reuse_sessions,false} the table (server_ssl_opt_session_cache)
> is not empty!
> Any hints?
> --
> Regards
> Oliver Bollmann
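One way to write the workaround mentioned in the reply above, a session-table callback that does not save the information. This is an added example, not code from the thread or from the OTP team. The module name no_session_cache is hypothetical; the callbacks are those of the ssl_session_cache_api behaviour, selected through the ssl application's session_cb setting.

```erlang
%% Added example (not from the thread). Hypothetical module name.
%% A session cache callback that stores nothing, so the session table
%% cannot grow no matter how many clients connect.
%%
%% Select it before the ssl application starts, e.g. in sys.config:
%%   [{ssl, [{session_cb, no_session_cache}]}].
-module(no_session_cache).
-behaviour(ssl_session_cache_api).

-export([init/1, terminate/1, lookup/2, update/3, delete/2,
         foldl/3, select_session/2, size/1]).

%% Called once per role (Args contains {role, client | server}).
%% No table is created; the handle is only a placeholder term.
init(_Args) ->
    no_cache.

%% Nothing was allocated, so there is nothing to release.
terminate(_Cache) ->
    ok.

%% Every lookup misses, so a resumption attempt falls back to a
%% full handshake.
lookup(_Cache, _Key) ->
    undefined.

%% Drop the session instead of storing it. This is the step that
%% keeps memory use flat.
update(_Cache, _Key, _Session) ->
    ok.

delete(_Cache, _Key) ->
    ok.

%% There are no entries to fold over; return the accumulator as is.
foldl(_Fun, Acc, _Cache) ->
    Acc.

%% No stored sessions to offer for reuse.
select_session(_Cache, _PartialKey) ->
    [].

%% Always empty, so the size limit handling is never triggered.
size(_Cache) ->
    0.
```

The setting applies to the whole node, so no connection on it can resume a session through this cache and each one pays for a full handshake.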