On 26/04/17 09:58, Yuri Voinov wrote: > > Seriously? 2 Gb RAM for default CA?! > > 600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB All it would take is ~2000 TLS sessions. Since the session remains cached in OpenSSL after the TCP connection is gone ... 2GB is not that much. Amos