mosquitto-users team mailing list archive

Thread
Date

Re: SSL memory usage

To: "Frisch, Michael" <Michael.Frisch@xxxxxxxxxx>
From: "andypiperuk@xxxxxxxxx" <andypiperuk@xxxxxxxxx>
Date: Mon, 26 Nov 2012 20:23:22 +0000
Cc: "mosquitto-users@xxxxxxxxxxxxxxxxxxx" <mosquitto-users@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <5D5B7938C0FA6D418BF036797F42AF6830E49346@SOM-EXCH01.nuance.com>

Really really interesting stuff, Roger... I wonder what IBM's tools do in
this context with regard to memory usage and compiler usage... although I
suspect they use IBM's own gskit for SSL rather than openssl.

Nice work - I'm sure this will be welcome to the growing group of users
with a mosquitto-based MQTT environment :-)


On Mon, Nov 26, 2012 at 6:27 PM, Frisch, Michael
<Michael.Frisch@xxxxxxxxxx>wrote:

> That's a tremendous improvement over SSL compression enabled,
> SSL_MODE_RELEASE_BUFFERS disabled and a very welcome change.
>
> - Mike
>
> -----Original Message-----
> From: mosquitto-users-bounces+michael.frisch=
> nuance.com@xxxxxxxxxxxxxxxxxxx [mailto:
> mosquitto-users-bounces+michael.frisch=nuance.com@xxxxxxxxxxxxxxxxxxx] On
> Behalf Of Roger Light
> Sent: Monday, November 26, 2012 12:31 PM
> To: mosquitto-users@xxxxxxxxxxxxxxxxxxx
> Subject: [Mosquitto-users] SSL memory usage
>
> Hi,
>
> I've just done some crude testing with massif (the valgrind heap profiling
> tool) and mosquitto in various configurations. I'm connecting 1000
> mosquitto_sub clients, all subscribing to $SYS/#. I'm not controlling any
> timing of when things happen, so there will be some small differences
> across tests.
>
> Test 1: Mosquitto 1.0.5 without SSL. Peak memory usage hit 2.871MB.
> Test 2: 1.0.5 with SSL, no client certificates. Peak memory of 617.3MB.
> Test 3: Modified 1.0.5 with SSL compression disabled. Peak memory 41.93MB.
> Test 4: Modified test 3 with SSL_MODE_RELEASE_BUFFERS enabled as well.
> Peak memory of 11.49MB.
>
> Quite an improvement I think you'll agree.
>
> I'm planning on disabling SSL compression in version 1.1, with no option
> for enabling it. It makes a huge difference to memory usage and also
> mitigates against possible CRIME like attacks:
>
> http://arstechnica.com/security/2012/09/many-ways-to-break-ssl-with-crime-attacks-experts-warn/
>
> I haven't found any background on the possible downsides to using
> SSL_MODE_RELEASE_BUFFERS so it is difficult to say but it seems like a good
> candidate for inclusion.
>
> Cheers,
>
> Roger
>
> --
> Mailing list: https://launchpad.net/~mosquitto-users
> Post to     : mosquitto-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~mosquitto-users
> More help   : https://help.launchpad.net/ListHelp
>
> --
> Mailing list: https://launchpad.net/~mosquitto-users
> Post to     : mosquitto-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~mosquitto-users
> More help   : https://help.launchpad.net/ListHelp
>



-- 
Andy Piper | Farnborough, Hampshire (UK)
blog: http://andypiper.co.uk   |   skype: andypiperuk
twitter: @andypiper  |  images: http://www.flickr.com/photos/andypiper

References

SSL memory usage
From: Roger Light, 2012-11-26
Re: SSL memory usage
From: Frisch, Michael, 2012-11-26