[erlang-questions] SSL server session cache table issues:

Fred Hebert mononcqc@REDACTED
Wed Dec 7 14:30:59 CET 2016


On 12/07, Kenneth Lakin wrote:
>I'm using OTP 19.1.3 on a 32-bit Linux system.
>
>From what I can tell, there's no documented way to control the number of
>entries in the server SSL session cache ETS table. (That is, the
>server_ssl_otp_session_cache table.) Passing the {reuse_sessions, false}
>SSL server option does not prevent new entries in the table. The obvious
>(but undocumented) ways to control the number of entries in the server
>SSL session cache appear to fail to work.
>

The option is cleverly named; it mentions 'reuse_sessions' and from what 
I recall, that's what it does; it prevents reuse of sessions, but not 
their creation.

>Is there a way to control the size of the cache, without overriding the
>session cache callback with the (undocumented) session_cb ssl
>application option? Is my only hope to use the session_cb application
>option to switch to a noop session cache manager?
>

Not that I know of. It's been easier in our setup to just override the 
behaviour to give a null cache than anything else.

Otherwise, just the sequential scans of the cache table to clean up the 
sessions ended up costing us a lot in terms of latency, kind of forcing 
a stop-the-world GC onto the SSL connections since if I recall, the 
sequential scans blocked the table, which in turn blocked the session 
manager process.

We further detected more scans happening due to a PEM cache, which we 
patched with options to bypass it in https://github.com/erlang/otp/pull/1143 
-- the OTP team merged it in for OTP 19.1.
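
The "null cache" override discussed in this message, as an added example that is not part of the original email or the poster's own code. It assumes the `ssl_session_cache_api` callback set as of OTP 19 (`init/1`, `terminate/1`, `lookup/2`, `update/3`, `delete/2`, `foldl/3`, `select_session/2`, `size/1`); the module name `null_session_cache` is hypothetical.

```erlang
%% Added example: a session cache callback that stores nothing, so the
%% session table never grows and cleanup scans have nothing to walk.
%% Assumption: callback names/arities follow ssl_session_cache_api as of
%% OTP 19; check them against the ssl application version you run.
-module(null_session_cache).          % hypothetical module name
-behaviour(ssl_session_cache_api).

-export([init/1, terminate/1, lookup/2, update/3, delete/2,
         foldl/3, select_session/2, size/1]).

%% No ETS table is created; the "handle" is just a marker term.
init(_Args) ->
    null_cache.

terminate(_Cache) ->
    ok.

%% Every lookup misses, so each connection performs a full handshake.
lookup(_Cache, _Key) ->
    undefined.

%% Sessions are discarded instead of being stored.
update(_Cache, _Key, _Session) ->
    ok.

delete(_Cache, _Key) ->
    ok.

%% Nothing to iterate over: return the accumulator unchanged, which
%% makes the periodic session validation pass effectively free.
foldl(_Fun, Acc, _Cache) ->
    Acc.

%% No candidate sessions are ever offered for reuse.
select_session(_Cache, _PartialKey) ->
    [].

size(_Cache) ->
    0.

%% Enable it before the ssl application starts, either in sys.config:
%%   [{ssl, [{session_cb, null_session_cache}]}].
%% or from code:
%%   application:set_env(ssl, session_cb, null_session_cache).
```

With this in place no session resumption happens at all, so every client pays for a full handshake; that is the trade-off against the cache cleanup scans.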


