[SERVER-40393] Disable SSL_MODE_RELEASE_BUFFERS in ASIO Created: 29/Mar/19  Updated: 29/Oct/23  Resolved: 03/Apr/19

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 3.4.22, 3.6.13, 4.1.10, 4.0.10

Type: Task Priority: Major - P3
Reporter: David Daly Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Related
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.0, v3.6, v3.4
Sprint: Security 2019-04-08
Participants:
Linked BF Score: 0

 Description   

We should disable the use of SSL_MODE_RELEASE_BUFFERS in ASIO in MongoDB.

According to https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_mode.html, SSL_MODE_RELEASE_BUFFERS :

SSL_MODE_RELEASE_BUFFERS
When we no longer need a read buffer or a write buffer for a given SSL, then release the memory we were using to hold it. Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections.

 If we have 30k idle connections, that works out to 1 GB of data. 

 



 Comments   
Comment by Githook User [ 05/Jun/19 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-40393 Disable SSL_MODE_RELEASE_BUFFERS in ASIO
Branch: v3.4
https://github.com/mongodb/mongo/commit/1bdba8372b5d55e842acfca52ba0130e594c0418

Comment by Githook User [ 14/May/19 ]

Author:

{'name': 'Mark Benvenuto', 'username': 'markbenvenuto', 'email': 'mark.benvenuto@mongodb.com'}

Message: SERVER-40393 Disable SSL_MODE_RELEASE_BUFFERS in ASIO
Branch: v3.6
https://github.com/mongodb/mongo/commit/a19bd8dae441feeea87b061066a53ad85e3aec9c

Comment by Luke Chen [ 11/Apr/19 ]

Fixing up fixversion as this ticket was not included as part of 4.0.9 release.

Comment by Githook User [ 08/Apr/19 ]

Author:

{'email': 'mark.benvenuto@mongodb.com', 'name': 'Mark Benvenuto', 'username': 'markbenvenuto'}

Message: SERVER-40393 Disable SSL_MODE_RELEASE_BUFFERS in ASIO

(cherry picked from commit c7476a53ab4e33914217b61c8e81f29b8df09322)
Branch: v4.0
https://github.com/mongodb/mongo/commit/39f04ef15d49671712e7ed409565c62e531e4a88

Comment by Githook User [ 03/Apr/19 ]

Author:

{'name': 'Mark Benvenuto', 'username': 'markbenvenuto', 'email': 'mark.benvenuto@mongodb.com'}

Message: SERVER-40393 Disable SSL_MODE_RELEASE_BUFFERS in ASIO
Branch: master
https://github.com/mongodb/mongo/commit/c7476a53ab4e33914217b61c8e81f29b8df09322

Comment by Daniel Pasette (Inactive) [ 29/Mar/19 ]

thanks for pointing this out mark.benvenuto!

Generated at Thu Feb 08 04:54:50 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.