openssl max number of concurrent connections

[-0-]

Hi there,

We have a closed source binary which uses openssl and allows for 526 concurrent connections on port 443. It does not appear to be getting this number from our configuration so it is either 1) source code driven or 2) an openssl limit.

I have been browsing online and I can't see any such limit for openssl, and to be honest I would be surprised if one existed because banking sites surely allow for more than 526 concurrent connections.

Do any of you know if there is such a limit with openssl?

Khannie

Could be quite a few things - an OS level limitation on file descriptors for example. Are you opening and closing sockets frequently? Are there a lot of sockets in a TIME_WAIT state?

Rather you than me trying to debug that.


edit:

[-0-] wrote: »

banking sites surely allow for more than 526 concurrent connections.

You're assuming they're all going to the same server, and not load balanced behind the scenes.

[-0-]

Cheers Khannie! It does not look like an openssl limit to me. I've been using objdump to look at what is going on behind the scenes, but my assembly isn't what it used to be. I can't see 0x20E or $526 in there at all.

Fun.

Khannie

Oh, one other thing to consider is the stack size. I think each new thread defaults to using 10MB on RedHat systems. If your machine doesn't have lots of ram, it can crap out pretty quickly with a high thread count. Again, this is in the sysctl area (which is definitely where I would be looking first - ulimit -a).

[-0-]

Turns out the application is doing it. Issue resolved. Boom!