Reduce the client TLS session cache size #1067

Merged (2 commits) on Nov 30, 2020

carterkozak

Before this PR

We've seen heap dumps with ~500 MB of TLS session cache despite an
expectation that connections are reused. These large session caches seem
to show that we are creating new sessions anyhow, so there's little
point in caching old data.

After this PR

==COMMIT_MSG==
Reduce the client TLS session cache size
==COMMIT_MSG==

Possible downsides?

If the cache is needed in some scenario, we may see a lower hit rate.

@policy-bot policy-bot bot requested a review from CRogers November 29, 2020 16:50
@carterkozak carterkozak force-pushed the ckozak/reduce_client_tls_session_cache_size branch from 120b90a to 339ccee Compare November 29, 2020 16:51
.orElseGet(() -> SslSocketFactories.createSslContext(serviceConfig.security()));
// Reduce the session cache size for clients. We expect TLS connections to be reused, thus the cache isn't
// terribly important.
context.getClientSessionContext().setSessionCacheSize(100);
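
Review bot: the `setSessionCacheSize(100)` call runs on whatever the preceding `.orElseGet(...)` chain yields, so when that optional already holds a caller-supplied context, this line changes the cache limit on an object the caller may be sharing elsewhere. Consider applying the limit only to contexts built by `SslSocketFactories.createSslContext(...)`, or documenting that supplied contexts are modified. The literal 100 would also read better as a named constant, with the code comment stating the default it replaces.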

down from a default of 20480 by the looks of things

    /**
     * Returns the size of the cache used for storing <code>SSLSession</code>
     * objects grouped under this <code>SSLSessionContext</code>.
     *
     * @implNote The JDK implementation returns the cache size as set by
     *           the {@code setSessionCacheSize} method, or if not set, the
     *           value of the {@systemProperty javax.net.ssl.sessionCacheSize}
     *           system property.  If neither is set, it returns a default
     *           value of 20480.
     *
     * @return size of the session cache; zero means there is no size limit.
     *
     * @see #setSessionCacheSize
     */
    public int getSessionCacheSize();
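
An added example, not part of this PR or the project's code: a small diagnostic that applies the same client-side limit and reports cache occupancy through the standard `SSLSessionContext` API, so the effect can be checked without a heap dump. The class and method names (`ClientSessionCacheReport`, `boundClientCache`, `describe`) are hypothetical, and the context is constructed locally with default key and trust managers.

```java
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;

public final class ClientSessionCacheReport {

    /** Caps only the client-side cache; the server-side context is untouched. */
    static void boundClientCache(SSLContext context, int maxSessions) {
        if (maxSessions <= 0) {
            // Per the Javadoc quoted in the review, 0 means "no size limit";
            // the JDK itself rejects negative values.
            throw new IllegalArgumentException("maxSessions must be positive");
        }
        context.getClientSessionContext().setSessionCacheSize(maxSessions);
    }

    /** Summarises the configured limits and how many sessions are cached right now. */
    static String describe(String label, SSLSessionContext sessions) {
        int cached = 0;
        int valid = 0;
        for (byte[] id : Collections.list(sessions.getIds())) {
            cached++;
            SSLSession session = sessions.getSession(id);
            if (session != null && session.isValid()) {
                valid++;
            }
        }
        return String.format("%s: limit=%d timeout=%ds cached=%d valid=%d",
                label, sessions.getSessionCacheSize(), sessions.getSessionTimeout(), cached, valid);
    }

    public static void main(String[] args) throws Exception {
        // Constructed context for the example; no network I/O takes place.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, null, null);

        System.out.println(describe("client (before)", context.getClientSessionContext()));
        boundClientCache(context, 100); // same value as the PR
        System.out.println(describe("client (after)", context.getClientSessionContext()));
        // The server-side cache keeps its own, separate limit.
        System.out.println(describe("server", context.getServerSessionContext()));
    }
}
```

Logging `describe(...)` periodically from a long-running client shows whether the cache actually fills toward its limit, which is the condition the heap dumps in this PR pointed to.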

@bulldozer-bot bulldozer-bot bot merged commit b7692ab into develop Nov 30, 2020
@bulldozer-bot bulldozer-bot bot deleted the ckozak/reduce_client_tls_session_cache_size branch November 30, 2020 15:09
@svc-autorelease
Released 1.89.0
