[erlang-questions] SSL server session cache table issues:
Fred Hebert
mononcqc@REDACTED
Wed Dec 7 14:30:59 CET 2016
On 12/07, Kenneth Lakin wrote:
>I'm using OTP 19.1.3 on a 32-bit Linux system.
>
>From what I can tell, there's no documented way to control the number of
>entries in the server SSL session cache ETS table. (That is, the
>server_ssl_otp_session_cache table.) Passing the {reuse_sessions, false}
>SSL server option does not prevent new entries in the table. The obvious
>(but undocumented) ways to control the number of entries in the server
>SSL session cache appear to fail to work.
>
The option is cleverly named; it mentions 'reuse_sessions' and from what
I recall, that's what it does; it prevents reuse of sessions, but not
their creation.

>Is there a way to control the size of the cache, without overriding the
>session cache callback with the (undocumented) session_cb ssl
>application option? Is my only hope to use the session_cb application
>option to switch to a noop session cache manager?
>
Not that I know of. It's been easier in our setup to just override the
behaviour to give a null cache than anything else.

Otherwise, just the sequential scans of the cache table to clean up the
sessions ended up costing us a lot in terms of latency, kind of forcing
a stop-the-world GC onto the SSL connections since, if I recall, the
sequential scans blocked the table, which in turn blocked the session
manager process.

We further detected more scans happening due to a PEM cache, which we
patched with options to bypass it in https://github.com/erlang/otp/pull/1143
-- the OTP team merged it in for OTP 19.1.
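
A sketch of the "null cache" override mentioned in the reply, as an added example that is not code from this thread or from OTP. It stores nothing, so the session table never grows and there is nothing for the cleanup scan to walk, at the cost of a full handshake on every connection. Assumptions: the module name null_session_cache is hypothetical, and the callback list is the ssl_session_cache_api behaviour as understood for OTP 19; check it against the release in use.

```erlang
%% Added example: a session cache callback module that never stores anything.
%% null_session_cache is a hypothetical name, not a module shipped with OTP.
-module(null_session_cache).
-behaviour(ssl_session_cache_api).

%% Assumed callback set of ssl_session_cache_api (OTP 19).
-export([init/1, terminate/1, lookup/2, update/3, delete/2,
         foldl/3, select_session/2, size/1]).

%% No ETS table is created. The returned atom is only a placeholder
%% "cache reference" that the ssl application passes back to the
%% other callbacks.
init(_Args) -> null_cache.

terminate(_Cache) -> ok.

%% Every lookup misses, so a client offering an old session id
%% gets a full handshake instead of a resumed session.
lookup(_Cache, _Key) -> undefined.

%% Storing a session is a no-op: nothing is ever inserted.
update(_Cache, _Key, _Session) -> ok.

delete(_Cache, _Key) -> ok.

%% Nothing to iterate over, so any cleanup pass that folds over the
%% cache returns the initial accumulator without scanning a table.
foldl(_Fun, Acc0, _Cache) -> Acc0.

select_session(_Cache, _PartialKey) -> [].

%% The cache always reports itself as empty.
size(_Cache) -> 0.

%% Enabling it through the session_cb ssl application option named
%% in the thread, e.g. in sys.config:
%%
%%   [{ssl, [{session_cb, null_session_cache}]}].
```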