Mercurial > hg > nginx
changeset 8076:fa4b4f38da4a
SSL: updated comment about session sizes.
Previous numbers are somewhat outdated, typical ASN1 representations of
sessions are slightly bigger now.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 12 Oct 2022 20:14:37 +0300 |
parents | 38c71f9b2293 |
children | ec1fa010c3a5 |
files | src/event/ngx_event_openssl.c |
diffstat | 1 files changed, 6 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c Wed Oct 12 20:14:36 2022 +0300 +++ b/src/event/ngx_event_openssl.c Wed Oct 12 20:14:37 2022 +0300 @@ -3790,16 +3790,16 @@ /* * The length of the session id is 16 bytes for SSLv2 sessions and - * between 1 and 32 bytes for SSLv3/TLSv1, typically 32 bytes. - * It seems that the typical length of the external ASN1 representation - * of a session is 118 or 119 bytes for SSLv3/TSLv1. + * between 1 and 32 bytes for SSLv3 and TLS, typically 32 bytes. + * Typical length of the external ASN1 representation of a session + * is about 150 bytes plus SNI server name. * - * Thus on 32-bit platforms we allocate separately an rbtree node, + * On 32-bit platforms we allocate separately an rbtree node, * a session id, and an ASN1 representation, they take accordingly - * 64, 32, and 128 bytes. + * 64, 32, and 256 bytes. * * On 64-bit platforms we allocate separately an rbtree node + session_id, - * and an ASN1 representation, they take accordingly 128 and 128 bytes. + * and an ASN1 representation, they take accordingly 128 and 256 bytes. * * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow, * so they are outside the code locked by shared pool mutex