Module: sip-router Branch: master Commit: 0c5b835259ab27216a9f34ddf445a49604a6c70c URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0c5b8352...
Author: Andrei Pelinescu-Onciul andrei@iptel.org Committer: Andrei Pelinescu-Onciul andrei@iptel.org Date: Fri Mar 19 15:11:49 2010 +0100
tls: new parameters for advanced openssl options
- ssl_release_buffers: release internal openssl read or write buffers when they are no longer used (complete read or write that does not have to buffer anything). Should be used together with tls_free_list_max_len. Might have some performance impact (and extra *malloc pressure), but has also the potential of saving a lot of memory (at least 32k/idle connection in the default config, or ~16k+tls_max_send_fragment)). Works only with openssl >= 1.0.0.
- ssl_freelist_max_len: maximum length of free/unused memory buffers/chunks per connection. Setting it to 0 would cause any unused buffers to be immediately freed and hence a lower memory footprint (at the cost of a possible performance hit and more *malloc pressure). Too large value would result in extra memory consumption. The default is 32 in openssl. For lowest memory usage set it to 0 and tls_mode_release_buffers to 1. Works / makes sense only for openssl >= 1.0.0.
- ssl_max_send_fragment: maximum number of bytes (clear text) sent into one record. The default and maximum value are ~16k. Lower values would lead to a lower memory footprint. Values lower then the typical app. write size might decrease performance, so it should be kept ~2k+ for normal SIP traffic. Too low values (e.g. <1024) might cause the initial handshake to fail, so use with care. Works only for openssl >= 0.9.9.
- ssl_read_ahead: enable read ahead. Should increase performance (1 less syscall when enabled, else openssl makes 1 read() for each record header and another or the content), but might interact with SSL_pending() (not used right now). Default: 1 (enabled).
---
modules/tls/tls_domain.c | 244 ++++++++++++++++++++++++++++++++++++++++++++- modules/tls/tls_mod.c | 49 ++++++++-- modules/tls/tls_mod.h | 13 ++- 3 files changed, 288 insertions(+), 18 deletions(-)
Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=0c5b...