openssl: reducing memory usage

Question

Good day. We have a server written on C++ that accept many SSL/TLS connections; we are using boost::asio (so backend is openssl) to establish SSL.

At the mement server is using about 160-200kbytes of memory per connection and we want to reduce this usage. boost::asio is using SSL_MODE_RELEASE_BUFFERS flag by default, so basic optimisation is already done.. Playing with ctx->freelist_max_len seems changes nothing.

How this can be done? Maybe we there is a additional "secret setting"? Probably we can safely disable some encryption algorithms to reduce memory consuption?

Answer 1

When I looked at the same thing, I profiled my application using massif when 1000 clients were connected.

• Test 1: Without using SSL. Peak memory usage hit 2.871MB.
• Test 2: With SSL, default settings. Peak memory of 617.3MB.
• Test 3: With SSL compression disabled. Peak memory 41.93MB.
• Test 4: Modified test 3 with SSL_MODE_RELEASE_BUFFERS enabled as well. Peak memory of 11.49MB.

That gets down to 11.5kB per connection, although this will be different in your application of course.

You're already using SSL_MODE_RELEASE_BUFFERS but you could consider disabling compression as well. Disabling compression can be achieved with the below. It requires openssl >= 1.0.

SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION | <other options>);

or

SSL_set_options(ssl, SSL_OP_NO_COMPRESSION | <other options>);