[erlang-questions] ssl {reuse_sessions,false}

Ingela Andin ingela.andin@REDACTED
Fri Aug 23 17:36:46 CEST 2019


Yes it will, there is also:


*session_cache_client_max = integer() <optional>*

Limits the growth of the client's session cache, that is how many sessions
towards servers that are cached to be used by new client connections. If
the maximum number of sessions is reached, the current cache entries will
be invalidated regardless of their remaining lifetime. Defaults to 1000.
Recommended ssl-8.2.1 or later for this option to work as intended.

*session_cache_server_max = integer() <optional>*

Limits the growth of the server's session cache, that is how many client
sessions are cached by the server. If the maximum number of sessions is
reached, the current cache entries will be invalidated regardless of their
remaining lifetime. Defaults to 1000. Recommended ssl-8.2.1 or later for
this option to work as intended.

Regards Ingela

On Fri, 23 Aug 2019 at 15:31, Oliver Bollmann <
oliver.bollmann@REDACTED> wrote:

> -ssl session_lifetime 120; each 2 minutes
>
> will delete sessions from server_ssl_opt_session_cache
>
> Right?
>
> Oliver
>
> On 23.08.19 14:52, Ingela Andin wrote:
>
> Hi!
>
> {reuse_sessions,false} just makes the current connection not use the
> feature, but the information is
> saved for possible other connections to use it, as it is configured per
> connection and the ssl application cannot know
> if it might need it later.
>
> Since ssl-8.2.1 there should be a working limitation of the table,
> although it is a soft limit due to current implementation trade-offs, and
> it will be shrunk gradually. At a very high load it might shrink too slowly;
> the workaround would be to have a callback for the session table that does
> not save the information.
>
> We have been thinking about changing the implementation, but TLS-1.3 has a new
> mechanism, and there are also other mechanisms for TLS 1.2 that we have not
> implemented, so it just has not landed in the best way forward yet.
>
> Regards Ingela - Erlang/OTP Team - Ericsson AB
>
> On Fri, 23 Aug 2019 at 14:18, Oliver Bollmann <
> oliver.bollmann@REDACTED> wrote:
>
>> Hi,
>>
>> we have 5000 clients(third party) connecting each 25 seconds to our
>> server over tls 1.2,
>>
>> 24h later the table server_ssl_opt_session_cache has about 18 million
>> objects and allocates 5 GByte!
>>
>> If we use {reuse_sessions,false} the table(server_ssl_opt_session_cache)
>> is not empty!
>>
>> Any hints?
>>
>> --
>> Regards
>> Oliver Bollmann
>>
>>
> --
> Regards
> Oliver Bollmann
>
>
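
The workaround mentioned in the quoted reply (a callback for the session table that does not save the information), as an added example that is not part of the thread and not Erlang/OTP's own code. The module name `no_session_cache` is hypothetical; the callback set and the `session_cb` application parameter are assumed to be those documented for `ssl_session_cache_api` in the ssl releases of this period.

```erlang
%% no_session_cache.erl (hypothetical module name, added example)
%% Session cache callback that never stores anything, so the session
%% table cannot grow. The cost is a full handshake on every connection.
%%
%% Enable it through the ssl application environment, e.g. in sys.config:
%%   [{ssl, [{session_cb, no_session_cache}]}].
%% session_cb is shared by the client and server caches, so this also
%% turns off session reuse for outgoing connections from the same node.
-module(no_session_cache).
-behaviour(ssl_session_cache_api).

-export([init/1, terminate/1, lookup/2, update/3, delete/2,
         foldl/3, select_session/2, size/1]).

%% Called once per role; Args contains {role, client} or {role, server}.
%% No table is created, the role is kept only as an opaque handle.
init(Args) ->
    {?MODULE, proplists:get_value(role, Args)}.

terminate(_Cache) ->
    ok.

%% Nothing is ever stored, so a session id offered by a peer is unknown
%% and the server falls back to a full handshake.
lookup(_Cache, _Key) ->
    undefined.

%% Dropping the session here is what keeps memory flat.
update(_Cache, _Key, _Session) ->
    ok.

delete(_Cache, _Key) ->
    ok.

%% Called when the ssl application walks the cache (for example to
%% expire sessions); with no entries the accumulator comes back unchanged.
foldl(_Fun, Acc0, _Cache) ->
    Acc0.

%% Client side: there are no cached sessions to offer to a server.
select_session(_Cache, _PartialKey) ->
    [].

size(_Cache) ->
    0.
```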