mosquitto-users team mailing list archive

Thread
Date

SSL memory usage

To: mosquitto-users@xxxxxxxxxxxxxxxxxxx
From: Roger Light <roger@xxxxxxxxxx>
Date: Mon, 26 Nov 2012 17:30:38 +0000
Sender: rogerlight@xxxxxxxxx

Hi,

I've just done some crude testing with massif (the valgrind heap
profiling tool) and mosquitto in various configurations. I'm
connecting 1000 mosquitto_sub clients, all subscribing to $SYS/#. I'm
not controlling any timing of when things happen, so there will be
some small differences across tests.

Test 1: Mosquitto 1.0.5 without SSL. Peak memory usage hit 2.871MB.
Test 2: 1.0.5 with SSL, no client certificates. Peak memory of 617.3MB.
Test 3: Modified 1.0.5 with SSL compression disabled. Peak memory 41.93MB.
Test 4: Modified test 3 with SSL_MODE_RELEASE_BUFFERS enabled as well.
Peak memory of 11.49MB.

Quite an improvement I think you'll agree.

I'm planning on disabling SSL compression in version 1.1, with no
option for enabling it. It makes a huge difference to memory usage and
also mitigates against possible CRIME like attacks:
http://arstechnica.com/security/2012/09/many-ways-to-break-ssl-with-crime-attacks-experts-warn/

I haven't found any background on the possible downsides to using
SSL_MODE_RELEASE_BUFFERS so it is difficult to say but it seems like a
good candidate for inclusion.

Cheers,

Roger

Follow ups

Re: SSL memory usage
From: Frisch, Michael, 2012-11-26