Good day. We have a server written on C++ that accept many SSL/TLS connections; we are using boost::asio (so backend is openssl) to establish SSL.
At the mement server is using about 160-200kbytes of memory per connection and we want to reduce this usage. boost::asio is using SSL_MODE_RELEASE_BUFFERS flag by default, so basic optimisation is already done.. Playing with ctx->freelist_max_len
seems changes nothing.
How this can be done? Maybe we there is a additional "secret setting"? Probably we can safely disable some encryption algorithms to reduce memory consuption?
When I looked at the same thing, I profiled my application using massif when 1000 clients were connected.
That gets down to 11.5kB per connection, although this will be different in your application of course.
You're already using SSL_MODE_RELEASE_BUFFERS but you could consider disabling compression as well. Disabling compression can be achieved with the below. It requires openssl >= 1.0.
SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION | <other options>);
or
SSL_set_options(ssl, SSL_OP_NO_COMPRESSION | <other options>);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With