On 10/30/07, Lutz Jaenicke wrote:
> Ramashish Baranwal wrote:
> > Hi,
> >
> > I have a server which accepts ssl connections. I have a client which
> > does parallel ssl
> > connections to this. After closing all connections the server has
> > unfreed memory. This gets reused for subsequent ssl connections, so no
> > issue there.
> >
> > My problem is with the amount of memory left over.
> > I do about 4000 parallel connections and close all of them I have over
> > 2GB of memory still occupied by the process. I verified that this is due
> > to the ssl (did similar test with only the ssl part left out and I get
> > back all the memory).
> > But if I do the same 4000 connections sequentially (handshake is
> > sequential, but the ssl connection is kept active) and then close all of
> > them. The memory occupied is much less (a few 100 MBs)
> >

>
> How do you monitor the amount of memory used? Standard memory
> allocation with malloc() means that the memory for the heap is
> obtained with brk(). Whenever the total memory on the heap is not
> sufficient to satisfy the malloc() requests, the heap size is extended.
> The heap size will never be reduced again regardless of the amount
> of "free()" calls, the memory can however be reused. Therefore, if your
> application at one point in time needs a lot of heap space the memory
> consumption shown may be higher.


Thank you for the reply. I am monitoring the memory usage for the
process by using top command in Linux. My main concern is the
difference of the memory used when connections are made slowly but
kept open vs. when a large number of connections are made at almost
the same time. The difference is almost an order of magnitude (few
hundred MBs vs. around 2 GB). Is openssl using some kind of memory
caching for its ssl handshake which is not getting released when the
handshake is over?

Regards,
Ramashish

>
> Best regards,
> Lutz
> > version:
> > openssl-0.9.8b-14.fc7
> > openssl-devel-0.9.8b-14.fc7
> >
> > Any ideas what I may be doing wrong?
> >
> > The server code:
> >
> >
> > SSL_METHOD* meth = SSLv23_method();
> > ctx = SSL_CTX_new(meth);
> > .
> > .
> > SSL_CTX_load_verify_locations(...)
> > // This ctx is shared across all connections
> >
> >
> >
> > SSL* ssl = SSL_new(ctx);
> > SSL_set_bio(ssl, bio, bio);
> > SSL_accept(ssl);
> > .
> > .
> > .
> > SSL_set_shutdown();
> > SSL_free(ssl);
> >

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org