Opened 4 years ago

Closed 11 months ago

#157 closed Patch submission (fixed)

Use SSL_MODE_RELEASE_BUFFERS if available

Reported by: crrodriguez Owned by: syzzer
Priority: trivial Milestone: release 2.4
Component: Crypto Version: 2.1.0 / 2.1.1
Severity: Not set (if unsure, select this one) Keywords: ssl performance memory
Cc:

Description

Hi:

The attached patch sets SSL_MODE_RELEASE_BUFFERS if available, to keep openSSL memory usage as low as possible.

For more info, see

http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

https://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html

Attachments (1)

0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch (866 bytes) - added by crrodriguez 4 years ago.

Download all attachments as: .zip

Change History (6)

comment:1 Changed 18 months ago by samuli

  • Keywords changed from ssl,performance,memory to ssl performance memory

comment:2 Changed 16 months ago by cron2

  • Milestone set to release 2.4
  • Owner set to syzzer
  • Status changed from new to assigned

OpenSSL indeed seems to eat a lot more money than PolarSSL.

Syzzer, can I interest you in this one...?

(As it's a "new feature, no bugfix, no long-term compatibility thing" it won't go into 2.3, but if we can save on memory for 2.4 without losing functionality, all for it)

comment:3 Changed 12 months ago by cron2

ping?

comment:4 Changed 12 months ago by syzzer

Sorry, overlooked this one. Patch looks sane, but needs to be adjusted to the current master. I'll do that, run some tests and - if successful - send an updated patch to the mailinglist.

Edit: I'll do this somewhere in the coming days.

Last edited 12 months ago by syzzer (previous) (diff)

comment:5 Changed 11 months ago by syzzer

  • Resolution set to fixed
  • Status changed from assigned to closed

"Coming days" became "coming weeks", but finally the patch has been applied to master, and will be included in OpenVPN 2.4.

Note: See TracTickets for help on using tickets.