You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/10/01 17:56:00 UTC
[jira] [Commented] (SSHD-846) ECDH/HDG kex retains KeyPairGenerator
[ https://issues.apache.org/jira/browse/SSHD-846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16634397#comment-16634397 ]
ASF GitHub Bot commented on SSHD-846:
-------------------------------------
GitHub user rovarga opened a pull request:
https://github.com/apache/mina-sshd/pull/67
[SSHD-846] Allow KeyPairGenerators to be garbage-collected
Since we do not use the KeyPairGenerator once we have generated the keypair, make sure we remove our reference so it can be garbage-collected. With Bouncy Castle that translates to around ~34KiB memory savings per session.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/rovarga/mina-sshd dh-keygen
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/mina-sshd/pull/67.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #67
----
commit 90e4ebd11295a2164f60bc7a4c4b2fce68e35292
Author: Robert Varga <ro...@...>
Date: 2018-10-01T17:44:09Z
[SSHD-846] Allow KeyPairGenerators to be garbage-collected
----
> ECDH/HDG kex retains KeyPairGenerator
> -------------------------------------
>
> Key: SSHD-846
> URL: https://issues.apache.org/jira/browse/SSHD-846
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 1.6.0, 1.7.0, 2.0.0
> Reporter: Robert Varga
> Priority: Major
>
> Analysis of a heap dump of running OpenDaylight with 10K concurrent NETCONF sessions over SSH transport shows that around 16% of the heap is used by Bouncy Castle's KeyPairGeneratorSpi$EC and related objects – accounting for ~26% of OpenDaylight's per-session memory overhead.
> These objects are retained by org.apache.sshd.common.kex.ECDH's myKpairGen field, which is never used once a keypair is generated.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)