mosquitto-users team mailing list archive

["Frisch, Michael" <Michael.Frisch@xxxxxxxxxx>]

That's a tremendous improvement over SSL compression enabled, SSL_MODE_RELEASE_BUFFERS disabled and a very welcome change.

- Mike

-----Original Message-----
From: mosquitto-users-bounces+michael.frisch=nuance.com@xxxxxxxxxxxxxxxxxxx [mailto:mosquitto-users-bounces+michael.frisch=nuance.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Roger Light
Sent: Monday, November 26, 2012 12:31 PM
To: mosquitto-users@xxxxxxxxxxxxxxxxxxx
Subject: [Mosquitto-users] SSL memory usage

Hi,

I've just done some crude testing with massif (the valgrind heap profiling tool) and mosquitto in various configurations. I'm connecting 1000 mosquitto_sub clients, all subscribing to $SYS/#. I'm not controlling any timing of when things happen, so there will be some small differences across tests.

Test 1: Mosquitto 1.0.5 without SSL. Peak memory usage hit 2.871MB.
Test 2: 1.0.5 with SSL, no client certificates. Peak memory of 617.3MB.
Test 3: Modified 1.0.5 with SSL compression disabled. Peak memory 41.93MB.
Test 4: Modified test 3 with SSL_MODE_RELEASE_BUFFERS enabled as well.
Peak memory of 11.49MB.

Quite an improvement I think you'll agree.

I'm planning on disabling SSL compression in version 1.1, with no option for enabling it. It makes a huge difference to memory usage and also mitigates against possible CRIME like attacks:
http://arstechnica.com/security/2012/09/many-ways-to-break-ssl-with-crime-attacks-experts-warn/

I haven't found any background on the possible downsides to using SSL_MODE_RELEASE_BUFFERS so it is difficult to say but it seems like a good candidate for inclusion.

Cheers,

Roger

--
Mailing list: https://launchpad.net/~mosquitto-users
Post to     : mosquitto-users@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~mosquitto-users
More help   : https://help.launchpad.net/ListHelp