SSL_CTX_set_mode(client_ctx, SSL_MODE_RELEASE_BUFFERS);

Michael Ströder
HI!

Could someone please have a look at this RPM patch:

https://build.opensuse.org/package/view_file/server:mail/postfix/postfix-ssl-release-buffers.patch?expand=1

I'm currently trying to update the RPM to 3.4.4 and I'd like to know
whether the above makes sense or whether it might even cause issues
especially with the new TLS connection handling in 3.4.x.

(Personally I hate obscure package patches anyway...)

Ciao, Michael.

Re: SSL_CTX_set_mode(client_ctx, SSL_MODE_RELEASE_BUFFERS);

Wietse Venema
Michael Ströder:

> HI!
>
> Could someone please have a look at this RPM patch:
>
> https://build.opensuse.org/package/view_file/server:mail/postfix/postfix-ssl-release-buffers.patch?expand=1
>
> I'm currently trying to update the RPM to 3.4.4 and I'd like to know
> whether the above makes sense or whether it might even cause issues
> especially with the new TLS connection handling in 3.4.x.
>
> (Personally I hate obscure package patches anyway...)

According to the documentation:

SSL_MODE_RELEASE_BUFFERS

    When we no longer need a read buffer or a write buffer for a
    given SSL, then release the memory we were using to hold it.
    Using this flag can save around 34k per idle SSL connection.
    This flag has no effect on SSL v2 connections, or on DTLS
    connections.

If that description is accurate, then this patch just wastes some
CPU cycles. Postfix does not have idle TLS connections, except for
a fraction of a second when a TLS-encrypted connection is saved to
the connection cache. Such connections are saved only when there is
a steady flow of mail to the same destination, so they are reused
immediately.

        Wietse