mosquitto-users team mailing list archive
-
mosquitto-users team
-
Mailing list archive
-
Message #00117
Re: SSL memory usage
Really really interesting stuff, Roger... I wonder what IBM's tools do in
this context with regard to memory usage and compiler usage... although I
suspect they use IBM's own gskit for SSL rather than openssl.
Nice work - I'm sure this will be welcome to the growing group of users
with a mosquitto-based MQTT environment :-)
On Mon, Nov 26, 2012 at 6:27 PM, Frisch, Michael
<Michael.Frisch@xxxxxxxxxx>wrote:
> That's a tremendous improvement over SSL compression enabled,
> SSL_MODE_RELEASE_BUFFERS disabled and a very welcome change.
>
> - Mike
>
> -----Original Message-----
> From: mosquitto-users-bounces+michael.frisch=
> nuance.com@xxxxxxxxxxxxxxxxxxx [mailto:
> mosquitto-users-bounces+michael.frisch=nuance.com@xxxxxxxxxxxxxxxxxxx] On
> Behalf Of Roger Light
> Sent: Monday, November 26, 2012 12:31 PM
> To: mosquitto-users@xxxxxxxxxxxxxxxxxxx
> Subject: [Mosquitto-users] SSL memory usage
>
> Hi,
>
> I've just done some crude testing with massif (the valgrind heap profiling
> tool) and mosquitto in various configurations. I'm connecting 1000
> mosquitto_sub clients, all subscribing to $SYS/#. I'm not controlling any
> timing of when things happen, so there will be some small differences
> across tests.
>
> Test 1: Mosquitto 1.0.5 without SSL. Peak memory usage hit 2.871MB.
> Test 2: 1.0.5 with SSL, no client certificates. Peak memory of 617.3MB.
> Test 3: Modified 1.0.5 with SSL compression disabled. Peak memory 41.93MB.
> Test 4: Modified test 3 with SSL_MODE_RELEASE_BUFFERS enabled as well.
> Peak memory of 11.49MB.
>
> Quite an improvement I think you'll agree.
>
> I'm planning on disabling SSL compression in version 1.1, with no option
> for enabling it. It makes a huge difference to memory usage and also
> mitigates against possible CRIME like attacks:
>
> http://arstechnica.com/security/2012/09/many-ways-to-break-ssl-with-crime-attacks-experts-warn/
>
> I haven't found any background on the possible downsides to using
> SSL_MODE_RELEASE_BUFFERS so it is difficult to say but it seems like a good
> candidate for inclusion.
>
> Cheers,
>
> Roger
>
> --
> Mailing list: https://launchpad.net/~mosquitto-users
> Post to : mosquitto-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~mosquitto-users
> More help : https://help.launchpad.net/ListHelp
>
> --
> Mailing list: https://launchpad.net/~mosquitto-users
> Post to : mosquitto-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~mosquitto-users
> More help : https://help.launchpad.net/ListHelp
>
--
Andy Piper | Farnborough, Hampshire (UK)
blog: http://andypiper.co.uk | skype: andypiperuk
twitter: @andypiper | images: http://www.flickr.com/photos/andypiper
References