diff options
author | Cristian Rodriguez <crrodriguez@opensuse.org> | 2014-05-25 15:52:58 +0200 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2014-05-25 21:38:48 +0200 |
commit | a6c573d22566a1dfc44ab060687192a4debc2e03 (patch) | |
tree | 028bbc72f680546985686a4828abb957330ae9aa /src | |
parent | 5b17803ebbb0989cf66033387dfa1ae7cb41bb25 (diff) | |
download | openvpn-a6c573d22566a1dfc44ab060687192a4debc2e03.tar.gz openvpn-a6c573d22566a1dfc44ab060687192a4debc2e03.tar.xz openvpn-a6c573d22566a1dfc44ab060687192a4debc2e03.zip |
Use SSL_MODE_RELEASE_BUFFERS if available
Sets SSL_MODE_RELEASE_BUFFERS if available, to keep openSSL memory
usage as low as possible.
For more info, see
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
https://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
See also trac #157
Signed-off-by: Cristian Rodriguez <crrodriguez@opensuse.org>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <5381FEFF.1040609@karger.me>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/openvpn/ssl_openssl.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 3a222d8..4862bad 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -198,6 +198,9 @@ tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags) SSL_CTX_set_options (ctx->ctx, sslopt); } +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode (ctx, SSL_MODE_RELEASE_BUFFERS); +#endif SSL_CTX_set_session_cache_mode (ctx->ctx, SSL_SESS_CACHE_OFF); SSL_CTX_set_default_passwd_cb (ctx->ctx, pem_password_callback); |