OpenSSL的:减少内存占用 [英] openssl: reducing memory usage
问题描述
美好的一天。我们已经写在C ++接受许多SSL / TLS连接的服务器;我们使用boost :: ASIO(所以后端的的OpenSSL )建立SSL。
Good day. We have a server written on C++ that accept many SSL/TLS connections; we are using boost::asio (so backend is openssl) to establish SSL.
在mement服务器使用有关的每个连接的内存160-200kbytes,我们要减少这种用法。提高:: ASIO是使用SSL_MODE_RELEASE_BUFFERS标志默认情况下,所以基本的优化已经完成。与播放则将ctx-方式> freelist_max_len
似乎没有什么变化。
At the mement server is using about 160-200kbytes of memory per connection and we want to reduce this usage. boost::asio is using SSL_MODE_RELEASE_BUFFERS flag by default, so basic optimisation is already done.. Playing with ctx->freelist_max_len
seems changes nothing.
这可怎么办呢?也许我们有一个额外的秘密设置?也许我们可以放心地禁用一些加密算法,以减少内存consuption?
How this can be done? Maybe we there is a additional "secret setting"? Probably we can safely disable some encryption algorithms to reduce memory consuption?
推荐答案
当我看着同样的事情,我使用地块时,1000个客户端分别接异形我的申请。
When I looked at the same thing, I profiled my application using massif when 1000 clients were connected.
- 测试1:不使用SSL。峰值内存使用量的命中2.871MB。
- 测试2:使用SSL,默认设置。 617.3MB的峰值内存。
- 测试3:使用SSL COM pression禁用。峰值记忆41.93MB。
- 测试4:修改的测试3 SSL_MODE_RELEASE_BUFFERS启用为好。 11.49MB的峰值内存。
这下到11.5kB每个连接,虽然这会在你的课中运用的不同。
That gets down to 11.5kB per connection, although this will be different in your application of course.
您已经在使用SSL_MODE_RELEASE_BUFFERS但你可以考虑禁用COM pression为好。禁用的COM pression可以与以下来实现。它需要的OpenSSL> = 1.0。
You're already using SSL_MODE_RELEASE_BUFFERS but you could consider disabling compression as well. Disabling compression can be achieved with the below. It requires openssl >= 1.0.
的SSL_CTX_set_options(SSL_CTX,SSL_OP_NO_COM preSSION |<其他选项>);
或
SSL_set_options(SSL,SSL_OP_NO_COM preSSION |<其他选项>);
这篇关于OpenSSL的:减少内存占用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!