nginx: src/event/ngx_event_openssl.c comparison

SSL: updated comment about session sizes. Previous numbers are somewhat outdated, typical ASN1 representations of sessions are slightly bigger now.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Wed, 12 Oct 2022 20:14:37 +0300
parents	38c71f9b2293
children	ec1fa010c3a5

comparison

equal deleted inserted replaced

-:38c71f9b2293
+:fa4b4f38da4a
 }
 /*
 * The length of the session id is 16 bytes for SSLv2 sessions and
-* between 1 and 32 bytes for SSLv3/TLSv1, typically 32 bytes.
+* between 1 and 32 bytes for SSLv3 and TLS, typically 32 bytes.
-* It seems that the typical length of the external ASN1 representation
+* Typical length of the external ASN1 representation of a session
-* of a session is 118 or 119 bytes for SSLv3/TSLv1.
+* is about 150 bytes plus SNI server name.
 *
-* Thus on 32-bit platforms we allocate separately an rbtree node,
+* On 32-bit platforms we allocate separately an rbtree node,
 * a session id, and an ASN1 representation, they take accordingly
-* 64, 32, and 128 bytes.
+* 64, 32, and 256 bytes.
 *
 * On 64-bit platforms we allocate separately an rbtree node + session_id,
-* and an ASN1 representation, they take accordingly 128 and 128 bytes.
+* and an ASN1 representation, they take accordingly 128 and 256 bytes.
 *
 * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow,
 * so they are outside the code locked by shared pool mutex
 */

Mercurial > hg > nginx