[erlang-questions] ssl {reuse_sessions,false}

Oliver Bollmann oliver.bollmann@REDACTED
Fri Aug 23 15:31:11 CEST 2019


-ssl session_lifetime 120; each 2 minutes

will delete sessions from server_ssl_opt_session_cache

Right?

Oliver

On 23.08.19 14:52, Ingela Andin wrote:
> Hi!
>
> {reuse_sessions,false} just makes the current connection not use the
> feature, but the information is
> saved for possible other connections to use it, as it is configured
> per connection and the ssl application cannot know
> if it might need it later.
>
> Since ssl-8.2.1 there should be a working limitation of the table,
> although it is a soft limit due to current implementation trade-offs,
> and it will be shrunk gradually. At a very high load it might shrink
> too slowly; the workaround would be to have a callback for the session
> table that does not save the information.
>
> We have been thinking about changing the implementation, but TLS-1.3 has a
> new mechanism, and there are also other mechanisms for TLS 1.2 that we
> have not implemented, so it just has not landed in the best way forward yet.
>
> Regards Ingela - Erlang/OTP Team - Ericsson AB
>
> On Fri, 23 Aug 2019 at 14:18, Oliver Bollmann
> <oliver.bollmann@REDACTED> wrote:
>
>     Hi,
>
>     we have 5000 clients (third party) connecting every 25 seconds to our
>     server over TLS 1.2,
>
>     24h later the table server_ssl_opt_session_cache has about 18 million
>     objects and allocates 5 GByte!
>
>     If we use {reuse_sessions,false} the
>     table (server_ssl_opt_session_cache)
>     is not empty!
>
>     Any hints?
>
>     -- 
>     Regards
>     Oliver Bollmann
-- 
Regards
Oliver Bollmann
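
The workaround mentioned in the quoted reply ("a callback for the session table that does not save the information") could look like the sketch below. It is an added example, not code from the thread or from Erlang/OTP; the module name noop_session_cache is hypothetical, and it assumes the ssl_session_cache_api behaviour and the session_cb application parameter as documented for the ssl releases of that period.

```erlang
%% Added example (not from the thread): a session cache callback that
%% never stores anything, so the session table cannot grow.
%% Assumption: enabled through the ssl application environment, e.g. in
%% sys.config:
%%   [{ssl, [{session_cb, noop_session_cache}]}].
-module(noop_session_cache).            % hypothetical module name
-behaviour(ssl_session_cache_api).

-export([init/1, terminate/1, lookup/2, update/3, delete/2,
         foldl/3, select_session/2, size/1]).

%% Called by the ssl application when it sets up a cache; the returned
%% term is only an opaque handle passed back to the callbacks below.
init(_Args) ->
    noop_cache.

terminate(_Cache) ->
    ok.

%% No session is ever found, so every handshake is a full handshake.
lookup(_Cache, _Key) ->
    undefined.

%% Drop the session instead of saving it.
update(_Cache, _Key, _Session) ->
    ok.

delete(_Cache, _Key) ->
    ok.

%% Nothing to iterate over: return the accumulator unchanged.
foldl(_Fun, Acc0, _Cache) ->
    Acc0.

%% No reusable sessions to offer for any peer.
select_session(_Cache, _PartialKey) ->
    [].

%% The cache is always empty.
size(_Cache) ->
    0.
```

With this callback no TLS session is resumed, so each of the frequent reconnects pays for a full handshake; the trade is CPU per connection against unbounded memory growth in the cache.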
