Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-40393

Disable SSL_MODE_RELEASE_BUFFERS in ASIO

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.4.22, 3.6.13, 4.1.10, 4.0.10
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Backport Requested:
      v4.0, v3.6, v3.4
    • Sprint:
      Security 2019-04-08
    • Linked BF Score:
      0

      Description

      We should disable the use of SSL_MODE_RELEASE_BUFFERS in ASIO in MongoDB.

      According to https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_mode.html, SSL_MODE_RELEASE_BUFFERS :

      SSL_MODE_RELEASE_BUFFERS
      When we no longer need a read buffer or a write buffer for a given SSL, then release the memory we were using to hold it. Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections.

       If we have 30k idle connections, that works out to 1 GB of data. 

       

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: