mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-14 23:44:41 +00:00
DOC: tune: explain the origin of block size for ssl.cachesize
A user could eventually ask himself where those 200 bytes block size are coming from. This patch tries to better explain the origin in case people are curious or want to double check the reality. Signed-off-by: William Dauchy <wdauchy@gmail.com>
This commit is contained in:
parent
4b10302fd8
commit
9a4bbfe151
@ -2520,16 +2520,17 @@ tune.sndbuf.server <number>
|
||||
|
||||
tune.ssl.cachesize <number>
|
||||
Sets the size of the global SSL session cache, in a number of blocks. A block
|
||||
is large enough to contain an encoded session without peer certificate.
|
||||
An encoded session with peer certificate is stored in multiple blocks
|
||||
depending on the size of the peer certificate. A block uses approximately
|
||||
200 bytes of memory. The default value may be forced at build time, otherwise
|
||||
defaults to 20000. When the cache is full, the most idle entries are purged
|
||||
and reassigned. Higher values reduce the occurrence of such a purge, hence
|
||||
the number of CPU-intensive SSL handshakes by ensuring that all users keep
|
||||
their session as long as possible. All entries are pre-allocated upon startup
|
||||
and are shared between all processes if "nbproc" is greater than 1. Setting
|
||||
this value to 0 disables the SSL session cache.
|
||||
is large enough to contain an encoded session without peer certificate. An
|
||||
encoded session with peer certificate is stored in multiple blocks depending
|
||||
on the size of the peer certificate. A block uses approximately 200 bytes of
|
||||
memory (based on `sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE`
|
||||
calculation used for `shctx_init` function). The default value may be forced
|
||||
at build time, otherwise defaults to 20000. When the cache is full, the most
|
||||
idle entries are purged and reassigned. Higher values reduce the occurrence
|
||||
of such a purge, hence the number of CPU-intensive SSL handshakes by ensuring
|
||||
that all users keep their session as long as possible. All entries are
|
||||
pre-allocated upon startup and are shared between all processes if "nbproc"
|
||||
is greater than 1. Setting this value to 0 disables the SSL session cache.
|
||||
|
||||
tune.ssl.force-private-cache
|
||||
This option disables SSL session cache sharing between all processes. It
|
||||
|
Loading…
Reference in New Issue
Block a user