Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-40393

Disable SSL_MODE_RELEASE_BUFFERS in ASIO

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 3.4.22, 3.6.13, 4.1.10, 4.0.10
    • Security
    • None
    • Fully Compatible
    • v4.0, v3.6, v3.4
    • Security 2019-04-08
    • 0

    Description

      We should disable the use of SSL_MODE_RELEASE_BUFFERS in ASIO in MongoDB.

      According to https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_mode.html, SSL_MODE_RELEASE_BUFFERS :

      SSL_MODE_RELEASE_BUFFERS
      When we no longer need a read buffer or a write buffer for a given SSL, then release the memory we were using to hold it. Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections.

       If we have 30k idle connections, that works out to 1 GB of data. 

       

      Attachments

        Activity

          People

            mark.benvenuto@mongodb.com Mark Benvenuto
            david.daly@mongodb.com David Daly
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: