[erlang-questions] mochiweb https/ssl

Chandru <>
Fri May 6 22:30:27 CEST 2011

Hi Sasa,

On 6 May 2011 15:17, sasa <> wrote:

> Hello,
> thank you for the reply. It helped me move in the right direction, but
> I still can't figure out the underlying problem.
> I have configured stunnel on the test server. The stunnel acted as a
> https proxy to the http erlang server on the same machine.
> The behavior was somewhat better - the load test of about 2000
> requests would work correctly for about 30 seconds, then all
> subsequent requests would fail. When using erlang ssl, such load test
> would fail immediately.

Which side do you think they failed? Server or client?

> I have then moved stunnel proxy to a separate server, and then it
> worked perfectly.

> Currently, I am suspecting that cpu load might be the problem. When I
> had stunnel on the same machine as erlang server, cpu load was going
> high. The same thing happened when I used erlang ssl. When stunnel is
> on a separate machine, the cpu load on both machines is fairly low.

That is quite strange.  What is the spec of the machine? This might be a
peculiarity of the virtual instances you get on EC2. Is there any chance you
can repeat this test on dedicated hardware? When running both on the same
machine, have you monitored which process eats more CPU? beam or stunnel?

I remember a similar situation in the past trying to run load tests on EC2.
It was hard to get a predictable set of results when load testing because
the performance for the same test used to fluctuate.

I cannot explain why it works better with stunnel. Do I have to
> manually configure ssl sessions when using erlang? As I mentioned
> earlier, the client does long polling i.e. it sends an request, and as
> soon as the request is responded, the new one is made. Is it possible
> that ssl handhsake occurs for every request?

I doubt the handshake occurs for every request. It might have something to
do with the fact that stunnel is written in C so is likely to benefit in
terms of performance. You could try hipe compilation of the ssl application
to see if that gives you any better performance.


> On Fri, May 6, 2011 at 5:51 AM, Chandru
> <> wrote:
> > Hi,
> >
> > To rule out any issues with the implementation of ssl, I would suggest
> you
> > use stunnel (http://www.stunnel.org) to firstly do the SSL handling for
> you.
> > If your https tests work properly with that, then we know it is an issue
> > with the OTP implementation of SSL. If you still have the same problems,
> it
> > could be a problem with your setup.
> >
> > cheers
> > Chandru
> >
> _______________________________________________
> erlang-questions mailing list
> http://erlang.org/mailman/listinfo/erlang-questions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20110506/4b35ffef/attachment.html>

More information about the erlang-questions mailing list