Depending on the version of the ssl application you may also set these values. I guess you have an older version as they default to 1000.
From doc:
Limits the growth of the clients session cache, that is how many sessions towards servers that are cached to be used by new client connections. If the maximum number of sessions is reached, the current cache entries will be invalidated regardless of their remaining lifetime. Defaults to 1000.
Limits the growth of the servers session cache, that is how many client sessions are cached by the server. If the maximum number of sessions is reached, the current cache entries will be invalidated regardless of their remaining lifetime. Defaults to 1000."
Regards Ingela Erlang/OTP Team - Ericsson AB
Hi Ingela!We've hit presumably the same bug on OTP 20.That's what I found:1. This patch https://github.com/erlang/otp/commit/256e01ce80b3aadd63f303b9bda5722ad313220f
-- we start invalidation only on Size == Max2. (flus...@127.0.0.1)33> (sys:get_state(ssl_manager))#state.session_cache_server_max.> 1000
3. (flus...@127.0.0.1)37> redbug:start("ssl_session_cache:size/1 -> return", [{msgs, 2}]).
...
ssl_session_cache:size/1 -> 8610379Seems like on high load if we accept some new sessions while session_validation does its job, cache size limiting stops working.
> Would it work for you if the test was changed to Size >= Max ?
Yes. Yesterday I hot-loaded ssl_manager on affected system. Cache size slowly decreased to 1000 and stays in a range of 200-1100.