From 1b9d47735c1ec807cbde37503e498eadec742aff Mon Sep 17 00:00:00 2001
From: Adam Langley
Date: Fri, 20 Jun 2014 12:00:00 -0700
Subject: [PATCH] Optionally don't store client's cipher list.

This change causes the client's list of ciphers to be freed as soon as we have sent a server-hello. This saves small, but useful, amount of memory.
---
 ssl/s3_srvr.c | 12 ++++++++++++
 ssl/ssl.h | 7 +++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 18d93b1f..84a5929c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1415,6 +1415,18 @@ int ssl3_send_server_hello(SSL *s)
 s->session->original_handshake_hash_len == 0)
 s->s3->tlsext_channel_id_valid = 0;
 
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+ {
+ /* Free s->session->ciphers in order to release memory. This
+ * breaks SSL_get_shared_ciphers(), but many servers will
+ * prefer the memory savings.
+ *
+ * It also breaks REUSE_CIPHER_BUG, which is disabled
+ * in our build. */
+ sk_SSL_CIPHER_free(s->session->ciphers);
+ s->session->ciphers = NULL;
+ }
+
 buf=(unsigned char *)s->init_buf->data;
 #ifdef OPENSSL_NO_TLSEXT
 p=s->s3->server_random;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 6c536427..bb6aa884 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
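Review bot: In the ssl/s3_srvr.c hunk, the two consumers of `s->session->ciphers` that the new block breaks are guarded only by a comment: nothing visible stops a build that defines REUSE_CIPHER_BUG, or a caller of SSL_get_shared_ciphers(), from reaching the list after it has been freed and set to NULL. Clearing the pointer after `sk_SSL_CIPHER_free()` is the right hygiene, but I would make the build assumption enforceable next to the block with `#if defined(REUSE_CIPHER_BUG)` / `#error "REUSE_CIPHER_BUG reads s->session->ciphers after the ServerHello"` / `#endif`, and confirm that SSL_get_shared_ciphers() returns NULL rather than dereferencing when the list is gone. The resumption path also deserves a check: if `s->session` can be a cached session shared with other connections at this point, freeing one of its members without a lock could race with a reader on another thread. That cannot be judged from here, because ssl3_send_server_hello starts and ends outside the hunk.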
@@ -696,8 +696,11 @@ struct ssl_session_st
 /* Don't attempt to automatically build certificate chain */
 #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
 /* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
- * TLS only.) "Released" buffers are put onto a free-list in the context
- * or just freed (depending on the context's setting for freelist_max_len). */
+ * TLS only.) "Released" buffers are put onto a free-list in the context or
+ * just freed (depending on the context's setting for freelist_max_len). Also
+ * frees up RAM by releasing the list of client ciphersuites as soon as
+ * possible (SSL3 and TLS only). This stops SSL_get_shared_ciphers from
+ * working. */
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
 /* Send the current time in the Random fields of the ClientHello and