US 11,818,173 B2
Reducing memory footprint after TLS connection establishment
Mohit Sahni, Fremont, CA (US); and Saurabh Tripathi, San Jose, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on May 29, 2020, as Appl. No. 16/888,640.
Prior Publication US 2021/0377308 A1, Dec. 2, 2021
Int. Cl. H04L 9/40 (2022.01); G06F 9/50 (2006.01); H04L 9/08 (2006.01)
CPC H04L 63/166 (2013.01) [G06F 9/5016 (2013.01); G06F 9/5022 (2013.01); H04L 9/085 (2013.01); H04L 9/0819 (2013.01); G06F 2209/5011 (2013.01)]
16 Claims
1. A method comprising:
obtaining a first memory space for establishing a transport layer security (TLS) connection;
obtaining a second memory space that is smaller than the first memory space;
after the TLS connection is established,
copying cryptographic keys and TLS session information from the first memory space to the second memory space;
cleaning the first memory space after the cryptographic keys and TLS session information are copied, wherein the cleaning comprises at least cleaning the cryptographic keys and a shared secret from the first memory space;
releasing the first memory space after cleaning the first memory space; and
indicating the second memory space for asynchronous communications over the established TLS connection.
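
The sequence in claim 1, sketched in C as an added example; it is not code from the patent or from Palo Alto Networks. The structure names, field sizes and the `compact_session` and `secure_wipe` helpers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* All names and sizes here are hypothetical; the claim defines no layout. */
typedef struct {
    uint8_t client_key[32], server_key[32];
    uint8_t client_iv[12], server_iv[12];
} traffic_keys;

typedef struct {                  /* first memory space: handshake state */
    uint8_t shared_secret[48];    /* (EC)DHE output, needed only to derive keys */
    traffic_keys keys;
    uint16_t version, cipher_suite;
    uint8_t transcript[16384];    /* handshake messages and certificate buffers */
} hs_ctx;

typedef struct {                  /* second memory space: record-layer state only */
    traffic_keys keys;
    uint16_t version, cipher_suite;
    uint64_t read_seq, write_seq;
} session_ctx;

/* Wipe through a volatile pointer so the stores are not removed as dead
 * writes ahead of free(). Production code would normally call
 * explicit_bzero(), memset_s() or OPENSSL_cleanse() instead. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Call once the handshake has finished. On success the large context is
 * wiped, freed and *hs set to NULL; the compact context is returned for
 * all later record I/O. If the small allocation fails, *hs is left
 * untouched so the caller can tear the connection down itself. */
session_ctx *compact_session(hs_ctx **hs) {
    if (hs == NULL || *hs == NULL) return NULL;
    session_ctx *s = calloc(1, sizeof *s);   /* obtain second space */
    if (s == NULL) return NULL;
    s->keys = (*hs)->keys;                   /* copy cryptographic keys */
    s->version = (*hs)->version;             /* copy session information */
    s->cipher_suite = (*hs)->cipher_suite;
    secure_wipe(*hs, sizeof **hs);           /* clean keys and shared secret */
    free(*hs);                               /* release first space */
    *hs = NULL;
    return s;                                /* indicate second space */
}
```

The wipe has to come before `free()`: once the block is back with the allocator, the shared secret and key copies could be handed to an unrelated allocation in the same process.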