[erlang-questions] SSL number of connections

Kaiduan Xie <>
Tue Feb 1 19:15:12 CET 2011


Ferenc,

I have been working a project with Erlang SSL for a while. For better
performance, please use R14B01. In Erlang, old SSL uses openssl, and
ssl_esock talks to Erlang in a port. Starting from R14, new ssl is
introduced where all SSL negotiation is done in Erlang instead of
openssl, only libcrypto is used in new ssl for encryption/decryption.

So far, I am very happy with the performance of new SSL. I managed to
server 100K SSL concurrent connections without any problem.

Best regards,

/Kaiduan

On Tue, Feb 1, 2011 at 11:55 AM, Ferenc Holzhauser
<> wrote:
> Hi,
>
> I'd like to use a lot (I was aiming at 20-30k) of active SSL connections
> from an Erlang app.
> I expected it to be no problem (assuming I have done all OS limit/kernel and
> Erlang max port settings correctly).
>
> I've come across 2 things though that have ruined my expectations.
>
> 1.
> Apparently ssl_esock opens a pair of local TCP connections to itself
> (according to lsof) on port 53813 for each SSL connection I open from the
> app.
> I intended to use multiple source/destination addresses to get around the
> TCP source port limitation and have more sessions. That trick won't work
> then.
>
> I must confess I don't know the purpose of this local connection but I'd
> really like to get rid of it if possible, is it?
>
> 2.
> There seems to be only 1 ssl_esock process running on the machine eventually
> eating up one CPU core (and not more) way before I'd reach any reasonable
> number of connections or the beam process would become very busy.
> It doesn't look very scalable. I have enough CPU power left and I'd really
> want to convince SSL to use it.
>
> Am I overlooking something? Is it really not possible to have more ssl_esock
> processes using more cores?
>
> I'm running R13B03 but I haven't found anything in R14 either addressing
> these issues.
>
> Thank you for your help in advance,
> Ferenc
>


More information about the erlang-questions mailing list