Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8076:fa4b4f38da4a
SSL: updated comment about session sizes.
Previous numbers are somewhat outdated, typical ASN1 representations of
sessions are slightly bigger now.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 12 Oct 2022 20:14:37 +0300 |
parents | 38c71f9b2293 |
children | ec1fa010c3a5 |
comparison
equal
deleted
inserted
replaced
8075:38c71f9b2293 | 8076:fa4b4f38da4a |
---|---|
3788 } | 3788 } |
3789 | 3789 |
3790 | 3790 |
3791 /* | 3791 /* |
3792 * The length of the session id is 16 bytes for SSLv2 sessions and | 3792 * The length of the session id is 16 bytes for SSLv2 sessions and |
3793 * between 1 and 32 bytes for SSLv3/TLSv1, typically 32 bytes. | 3793 * between 1 and 32 bytes for SSLv3 and TLS, typically 32 bytes. |
3794 * It seems that the typical length of the external ASN1 representation | 3794 * Typical length of the external ASN1 representation of a session |
3795 * of a session is 118 or 119 bytes for SSLv3/TSLv1. | 3795 * is about 150 bytes plus SNI server name. |
3796 * | 3796 * |
3797 * Thus on 32-bit platforms we allocate separately an rbtree node, | 3797 * On 32-bit platforms we allocate separately an rbtree node, |
3798 * a session id, and an ASN1 representation, they take accordingly | 3798 * a session id, and an ASN1 representation, they take accordingly |
3799 * 64, 32, and 128 bytes. | 3799 * 64, 32, and 256 bytes. |
3800 * | 3800 * |
3801 * On 64-bit platforms we allocate separately an rbtree node + session_id, | 3801 * On 64-bit platforms we allocate separately an rbtree node + session_id, |
3802 * and an ASN1 representation, they take accordingly 128 and 128 bytes. | 3802 * and an ASN1 representation, they take accordingly 128 and 256 bytes. |
3803 * | 3803 * |
3804 * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow, | 3804 * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow, |
3805 * so they are outside the code locked by shared pool mutex | 3805 * so they are outside the code locked by shared pool mutex |
3806 */ | 3806 */ |
3807 | 3807 |