limitations of SSL

Peter Högfeldt peter@REDACTED
Wed Nov 26 20:48:28 CET 2003



On Tue, 25 Nov 2003, Nicolas Niclausse wrote:

> >>>>> "Peter" == Peter Högfeldt <peter@REDACTED> writes:
> 
>  >> The SSL Release Notes state that «Erlang SSL application does not
>  >> support session », and hence you can't reuse SSL id across
>  >> connections; Is it planned for the next release of Erlang ?
> 
>  Peter> No, there are currently no such plans.
> 
> too bad
> 
>  >>  I tried to handle more than 1024 concurrent connections with Yaws;
>  >> it works well with HTTP (I raised my system's limit with 'ulimit -n
>  >> 2048'), but doesn't with HTTPS (on a Linux system with erlang R9C).
>  >> Is it possible to raise this limit with HTTPS (SSL) ?
> 
>  Peter> In the Erlang/OTP SSL port program one (1) socket is required
>  Peter> for each listen, and two (2) sockets are required for successful
>  Peter> connect or accept (one socket to the outside world, one socket
>  Peter> to the Erlang OS process).
> 
> 
> Yes, I understand that; my application is a proxy using ssl in both
> ways, therefore 4 sockets are used for each client. 
> 
> The problem is that the max number of file descriptors used by ssl_esock
> is set at compile time (FD_SETSIZE). That's not the case with gen_tcp 
> 
> Therefore (on Linux) by default, my proxy can't handle more than 256
> simultaneous users ...
> 
> I can try to raise FD_SETSIZE and recompile erlang, but it should be
> easier than that, no ? 

Yes, it should be easier than that, but currently it is not. 

On recent versions of Unix you can set FD_SETSIZE at compile time (on
the now quite old Redhat 7.2 (linux-2.4.7-10) you can't, but on later
versions I think you can; on Solaris 8 you can).

An immediate solution for you would then be to rebuild the SSL port
program (ssl_esock) with FD_SETSIZE set, for instance in the Makefile (I
assume you know how to do that). 

The "final" solution is to replace `select' with `poll', which does
not have a FD_SETSIZE limitation; at least for Unix. 

I will add the improvement request to our todo-list for the next 
release. 

/Peter

> 
> -- 
> Nicolas NICLAUSSE                       IDEALX S.A.S.
> Tél:01 44 42 00 00                      http://IDEALX.com/
> 
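
The select/poll difference discussed in this message, as an added C example that is not part of the original thread and is not taken from the ssl_esock source. The function names are hypothetical; the guard in `readable_select` is there because `FD_SET` on a descriptor numbered `FD_SETSIZE` or higher writes outside the `fd_set`.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select(): fd_set is a fixed FD_SETSIZE-bit array, so a descriptor numbered
 * FD_SETSIZE or higher must be refused; FD_SET on it writes out of bounds. */
int readable_select(int fd, int timeout_ms)
{
    if (fd < 0 || fd >= FD_SETSIZE) { errno = EINVAL; return -1; }
    fd_set rfds;
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    int n = select(fd + 1, &rfds, NULL, NULL, &tv);
    return n < 0 ? -1 : (n > 0 && FD_ISSET(fd, &rfds));
}

/* poll(): takes an array of descriptors, so the descriptor number is
 * bounded only by RLIMIT_NOFILE. */
int readable_poll(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int n = poll(&p, 1, timeout_ms);
    return n < 0 ? -1 : (n > 0 && (p.revents & POLLIN) != 0);
}

/* Hypothetical demo helper: duplicate fd onto a number >= FD_SETSIZE, raising
 * the soft descriptor limit first. Returns -1 if the limit forbids it. */
int dup_above_setsize(int fd)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < rl.rlim_max) {
        rl.rlim_cur = rl.rlim_max;
        setrlimit(RLIMIT_NOFILE, &rl);  /* best effort; may be refused */
    }
    return fcntl(fd, F_DUPFD, FD_SETSIZE);
}

int main(void)
{
    int pfd[2];  /* constructed input: a pipe with one byte pending */
    if (pipe(pfd) != 0 || write(pfd[1], "x", 1) != 1) return 1;
    int hi = dup_above_setsize(pfd[0]);
    if (hi < 0) return 0;  /* descriptor limit too low to demonstrate */
    return !(readable_select(hi, 0) == -1 && readable_poll(hi, 0) == 1);
}
```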



