Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 9a4bbfe151b8db72ef4f353b5a1c5e1d60b20646^! / . / doc / configuration.txt
commit9a4bbfe151b8db72ef4f353b5a1c5e1d60b20646[log] [tgz]
authorWilliam Dauchy <wdauchy@gmail.com>Fri Feb 12 15:58:46 2021 +0100
committerWilly Tarreau <w@1wt.eu>Sat Feb 13 09:00:28 2021 +0100
tree2253d9aff9f6bfda3a624be1e15b6c39d8aecd5d
parent4b10302fd8ff75427ea9af767876b81331c75111 [diff] [blame]
DOC: tune: explain the origin of block size for ssl.cachesize

A user could eventually ask himself where those 200 bytes block size are
coming from. This patch tries to better explain the origin in case
people are curious or want to double check the reality.

Signed-off-by: William Dauchy <wdauchy@gmail.com>

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 6856463..b30b52f 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -2520,16 +2520,17 @@
 
 tune.ssl.cachesize <number>
   Sets the size of the global SSL session cache, in a number of blocks. A block
-  is large enough to contain an encoded session without peer certificate.
-  An encoded session with peer certificate is stored in multiple blocks
-  depending on the size of the peer certificate. A block uses approximately
-  200 bytes of memory. The default value may be forced at build time, otherwise
-  defaults to 20000. When the cache is full, the most idle entries are purged
-  and reassigned. Higher values reduce the occurrence of such a purge, hence
-  the number of CPU-intensive SSL handshakes by ensuring that all users keep
-  their session as long as possible. All entries are pre-allocated upon startup
-  and are shared between all processes if "nbproc" is greater than 1. Setting
-  this value to 0 disables the SSL session cache.
+  is large enough to contain an encoded session without peer certificate.  An
+  encoded session with peer certificate is stored in multiple blocks depending
+  on the size of the peer certificate. A block uses approximately 200 bytes of
+  memory (based on `sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE`
+  calculation used for `shctx_init` function). The default value may be forced
+  at build time, otherwise defaults to 20000. When the cache is full, the most
+  idle entries are purged and reassigned. Higher values reduce the occurrence
+  of such a purge, hence the number of CPU-intensive SSL handshakes by ensuring
+  that all users keep their session as long as possible. All entries are
+  pre-allocated upon startup and are shared between all processes if "nbproc"
+  is greater than 1. Setting this value to 0 disables the SSL session cache.
 
 tune.ssl.force-private-cache
   This option disables SSL session cache sharing between all processes. It