[release/8.0] Removed unused sessions from SSL_CTX internal cache #102095
Backport of #101684 to release/8.0-staging
/cc @wfurt @rzikm
Customer Impact
Reported by customer via official support. Small repro available.
Customer sees increased memory usage when establishing a large number of connections to the same host in quick succession.
Workaround is lowering the cache size via the System.Net.Security.TlsCacheSize AppCtx switch or the DOTNET_SYSTEM_NET_SECURITY_TLSCACHESIZE environment variable.
The mechanism of the (bounded) memory leak is as follows:
The fix is to keep the two caches in sync and remove the dropped TLS session tickets from the internal cache as well.
Regression
Yes, the bug is part of the TLS session resumption feature on Linux, introduced in .NET 7.
Testing
Tested on customer provided repro, verified by tracking OpenSSL allocations in the app.
Risk
Low, the issue is well understood and the change is localized to the feature. Functional tests will verify TLS resumption works.