[NETCONF-572] Work around SSHD memory inefficiencies Created: 01/Oct/18 Updated: 01/Oct/18 Resolved: 01/Oct/18 |
|
| Status: | Resolved |
| Project: | netconf |
| Component/s: | netconf |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Medium |
| Reporter: | Robert Varga | Assignee: | Robert Varga |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
sshd-core does not free KeyPairGenerator, as detailed in https://issues.apache.org/jira/browse/SSHD-846 . While we wait for an updated version, we can do something about it by hacking around with reflection, as the problem boils down to zeroing out a single field – especially since the scalability gains are significant (~26%). |
| Comments |
| Comment by Robert Varga [ 01/Oct/18 ] |
|
Actually we cannot make this work, as we do not have a reasonable hook into the rekeying mechanics. We could make initial exchange work on the assumption we can cleanup kex after the session has been authenticated – but rekeying would re-introduce the garbage anyway. |