Re: Hundreds of crypto file descriptors for Apache httpd

To: netbsd-users%netbsd.org@localhost
Subject: Re: Hundreds of crypto file descriptors for Apache httpd
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Thu, 12 Mar 2020 22:46:08 -0000 (UTC)

frank%phoenix.owl.de@localhost (Frank Wille) writes:

>Michael van Elst wrote:

>> I think the only option you have now is to prevent access to /dev/crypto.

>Confirmed! I renamed /dev/crypto and all the 200+ file desciptors per
>apache process are gone. Horde also feels snappier again and the PHP
>warning about FD_SETSIZE disappeared as well.

The remaining question is why 200 descriptors per process and not
just one. The engine code didn't work differently in previous
openssl versions.

Do you spawn 200 threads per process ? The mpm worker model might
do that, the prefork model should be safe.

I can imagine that openssl is now initialized (including devcrypto
engine) for every thread.

-- 
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."

References:
- Re: Hundreds of crypto file descriptors for Apache httpd
  - From: Frank Wille

Prev by Date: Re: Hundreds of crypto file descriptors for Apache httpd
Next by Date: Re: Shared object "libintl.so.9" not found (but its there)
Previous by Thread: Re: Hundreds of crypto file descriptors for Apache httpd
Next by Thread: UDP buffer sizes
Indexes:

Home | Main Index | Thread Index | Old Index