[squid-users] SSL bump , high memory usage
Amos Jeffries
squid3 at treenet.co.nz
Fri Oct 10 17:11:35 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/10/2014 5:26 a.m., Steve Hill wrote:
>
> I think I've identified the bulk of the memory "leak" I've been
> tracking down for the past few days. As it turns out, it doesn't
> seem to be a leak, but a problem with the SSL certificate caching.
>
> The certificate cache is set by dynamic_cert_mem_cache_size and
> defaults to 4MB. Squid assumes an SSL context is 1KB, so we can
> cache up to 4096 certificates:
>
> /// TODO: Replace on real size. #define SSL_CTX_SIZE 1024
>
> Unfortunately the assumed size isn't even close - it looks like an
> SSL context usually weighs in at about 900KB! So the default limit
> means the cache can actually grow to around 3.6GB. To make matters
> worse, each worker gets its own cache, so in an 8-way SMP
> configuration, the default "4MB" cache size limit actually ends up
> as around 30GB.
Aha, yes. That is http://bugs.squid-cache.org/show_bug.cgi?id=4005
If I'm understanding the discussions so far the "leak" is data stored
internally by OpenSSL when allocating certificate contexts. In this
case the generated cert chain and additional data. Squid has no way to
know how big that all is (varies between just a few KB and your MB),
so only accounts for what it can see.
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUOBNHAAoJELJo5wb/XPRjgV0IANZpG56V3WrgjLPuLIDcOaJa
vqGXUbjZNzFVl6IMxXSdgxjZrjTwMzlYzYig3JQ0HUTwxSF8akXaNSLrGrZEW2mp
35w5ks9G3fh897P25prScyhWIuEV6KJOvWYxyseWNvRdth/EJRrTGLUJsv59US1E
b/W2251VOPJqCcEDovxBV2hvXMtBhJKQ0re+xhy5ot6EHs2TzSAdLqJlei5XypWg
FOwhHpwmcqPFyc3JlklSakTNcri0tNgswebNmp6Xbcs1Js4r0PRH7uNohr76wDJC
YmX1VfYX64aQxkkl1l4rlRW+PKEm7UHXZjlOnAxqKqiq+89VApw93pKkE6DoePc=
=fGD9
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list