Store SSL certs in ETS vs in connection process?

Hi,
I saw this article[1] and they mention that they were observing high memory tls_connection process and identified that each process stores the certificates in each process. Looking at my own project, I’m observing the same thing.

Their solution was to “override” this and have the connection processes reference an ETS table, bringing down memory consumption dramatically:

We discovered that our HTTP client library was passing the certs to each process. With a little work, we figured out how to override this default behavior and force the HTTP client to use an ETS table to store the CA certs in one place.

I cannot find in the Erlang documentation how to do this, and by “figured out how to override” I take that to mean New Relic patched Erlang directly to achieve that.

Is there an option to configure tls_connection processes to store certs in an ETS table and reference them?

Thank you

[1] Hunting Memory Spikes in the Erlang BEAM | New Relic

2 Likes

I think they mean pass cacertfile instead of cacert. The override would be in the HTTP client library rather than Erlang itself.

1 Like

Ohh, that makes sense. I will give that a try, thank you.

1 Like