From e31abc34f990e12efa57218a3b72d38969c6b142 Mon Sep 17 00:00:00 2001
From: Tharanga Gamaethige <tgamaethige@netflix.com>
Date: Fri, 26 Aug 2022 14:41:44 -0700
Subject: Release TLS read and write buffers when idle

By default OpenSSL uses static large read/write buffers with TLS
connections. For memcached instances with a lot of client connections
this can quickly add up to gigabytes of memory. This options allows the
buffers to release when the clients are idle.
---
 tls.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'tls.c')

diff --git a/tls.c b/tls.c
index 88320ab..3f1f6fa 100644
--- a/tls.c
+++ b/tls.c
@@ -228,6 +228,9 @@ int ssl_init(void) {
     SSL_CTX_set_options(settings.ssl_ctx, SSL_OP_NO_RENEGOTIATION);
 #endif
 
+    // Release TLS read/write buffers of idle connections
+    SSL_CTX_set_mode(settings.ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+
     return 0;
 }
 
-- 
cgit v1.2.1