Closed
Bug 274989
Opened 21 years ago
Closed 20 years ago
SSL session client cache can grow without bounds
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 300043
3.12
People
(Reporter: julien.pierre, Assigned: nelson)
Details
Unlike the SSL server , which has a limited number of slots, configured at
initialization time, the SSL client cache knows no such bounds .
The only way SSL sessions get expunged from the client cache is when a restart
handshake happens, during which libssl inspects all the sessions in the cache
and frees all the ones that are expired or without a reference .
I think there should be limits on this cache as well. In a server application,
which talks to other servers, the memory growth from the unbounded client cache
can be a problem, since SSL sessions default to 24 hours expiration.
|
Reporter | |
Updated•21 years ago
|
Priority: -- → P2
Target Milestone: --- → 3.10
|
|
Assignee | |
Comment 1•21 years ago
|
||
It is not true that the only way that sessions are removed from the cache is
when attempting restarts. However, I agree that the client cache could and
should be redesigned to bound session cache growth and to organize the cache
so that the entries to be deleted are LRU.
|
|
Assignee | |
Updated•20 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
|
|
Assignee | |
Comment 2•20 years ago
|
||
I'd like to be able to improve this for 3.11, but 3.12 is probably the soonest
I can get to it.
Target Milestone: 3.10 → 3.12
|
|
Reporter | |
Comment 3•20 years ago
|
||
This is a duplicate. I'm leaving the bug with the most information open .
*** This bug has been marked as a duplicate of 300043 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•