Memory leak issue with TLSv1.3 usage - OpenSSL-3.1.0

Ishani 18r01a05n6 at
Wed Aug 16 17:27:38 UTC 2023

Hi All,

After changing the TLS protocol to TLSv1.3, we are observing some
memory leaks that indicate that the memory allocated for a new session in
new_session_cb() is not freed properly. However, I have cleaned up the
memory as part of remove_session_cb() but still that memory leaks are

1. One multithreaded process that makes multiple TLS client connections.
2. One SSL_CTX for this process that internally manages the session cache.
3. One external cache to use the TLS session from the internal cache.
4. For each thread/connection, an SSL and an SSL_SESSION are created and kept in
the internal and external cache.

Ideally, whenever a client is disconnected, the corresponding SSL_SESSION
needs to be removed from the internal cache using SSL_CTX_remove_session() and
then SSL_free() should be called to free the SSL and corresponding
SSL_SESSION. But for some of the test cases I observed a crash because of
a double free when SSL_CTX_free() is called during the process shutdown.

What should be the proper sequence for cleaning up the SSL_SESSION, SSL, and
SSL_CTX, and for removing the session from the internal cache?

More information about the openssl-users mailing list