Opened 13 years ago

Closed 11 years ago

#157 closed Patch submission (fixed)

Use SSL_MODE_RELEASE_BUFFERS if available

Reported by: crrodriguez Owned by: Steffan Karger
Priority: trivial Milestone: release 2.4
Component: Crypto Version: OpenVPN 2.1.0 / 2.1.1 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: ssl performance memory
Cc:

Description

Hi:

The attached patch sets SSL_MODE_RELEASE_BUFFERS if available, to keep openSSL memory usage as low as possible.

For more info, see

http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

https://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html

Attachments (1)

0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch (866 bytes) - added by crrodriguez 13 years ago.

Download all attachments as: .zip

Change History (6)

comment:1 Changed 11 years ago by Samuli Seppänen

Keywords: ssl,performance,memoryssl performance memory

comment:2 Changed 11 years ago by Gert Döring

Milestone: release 2.4
Owner: set to Steffan Karger
Status: newassigned

OpenSSL indeed seems to eat a lot more money than PolarSSL.

Syzzer, can I interest you in this one...?

(As it's a "new feature, no bugfix, no long-term compatibility thing" it won't go into 2.3, but if we can save on memory for 2.4 without losing functionality, all for it)

comment:3 Changed 11 years ago by Gert Döring

ping?

comment:4 Changed 11 years ago by Steffan Karger

Sorry, overlooked this one. Patch looks sane, but needs to be adjusted to the current master. I'll do that, run some tests and - if successful - send an updated patch to the mailinglist.

Edit: I'll do this somewhere in the coming days.

Last edited 11 years ago by Steffan Karger (previous) (diff)

comment:5 Changed 11 years ago by Steffan Karger

Resolution: fixed
Status: assignedclosed

"Coming days" became "coming weeks", but finally the patch has been applied to master, and will be included in OpenVPN 2.4.

Note: See TracTickets for help on using tickets.