[erlang-questions] Erlang accepting SSL connection is really slow (comparing to C++)

Ali Sabil <>
Tue Apr 10 18:50:29 CEST 2012


Hi Morgan,

Did you check which cipher is being used in your c++ server vs the
erlang server? DHE ciphers are notably slow.

You can check which cipher suite is being used with:
    openssl s_client -host HOST -port PORT

On Tue, Apr 10, 2012 at 6:19 PM, Morgan Segalis <> wrote:
> Hi Loïc,
>
> That's what I was afraid of.
>
> Then what would be the best workaround in order to outcome this slowness of Erlang's SSL ?
> Using a C++ Driver ? would that be even possible to pass a Socket to the driver for it to upgrade it into a SSL one ?
>
> Thanks.
>
> Le 10 avr. 2012 à 17:56, Loïc Hoguin a écrit :
>
>> Hello!
>>
>> On 04/10/2012 05:27 PM, SEGALIS Morgan wrote:
>> [...]
>>> While it will take 10 second to a ssl accepting bit of C++ code to accept
>>> all of them (which don't even have multiple accept pending), in Erlang this
>>> is quite different. It will accept at most 20 connections a second
>>> (according to netstat info, whilst C++ accept more like 1K connection per
>>> seconds)
>>>
>>> While the 10K connections are awaiting for acceptance, I'm manually trying
>>> to connect as well.
>>>
>>>     openssl s_client -ssl3 -ign_eof -connect myserver.com:4242
>>>
>>> 3 cases happen when I do :
>>>
>>>  - Connection simply timeout
>>>  - Connection will connect after waiting for it 30 sec. at least
>>>  - Connection will occur almost directly
>>
>> The OTP SSL code is just very slow, and AFAIK the reason for this is that it's done in full Erlang. Here's a quick and dirty comparison between HTTP and HTTPS in Cowboy, where only the transport used differs:
>>
>> HTTP:
>>
>> % siege -b -c 100 http://localhost:8080/
>> ** SIEGE 2.70
>> ** Preparing 100 concurrent users for battle.
>> The server is now under siege...^C
>> Lifting the server siege...      done.
>> Transactions:                49266 hits
>> Availability:               100.00 %
>> Elapsed time:                 5.94 secs
>> Data transferred:             0.56 MB
>> Response time:                        0.01 secs
>> Transaction rate:          8293.94 trans/sec
>> Throughput:                   0.09 MB/sec
>> Concurrency:                 99.36
>> Successful transactions:       49266
>> Failed transactions:             0
>> Longest transaction:          0.06
>> Shortest transaction:         0.00
>>
>> HTTPS:
>>
>> % siege -b -c 100 https://localhost:8443/
>> ** SIEGE 2.70
>> ** Preparing 100 concurrent users for battle.
>> The server is now under siege...^C
>> Lifting the server siege...      done.
>> Transactions:                  698 hits
>> Availability:               100.00 %
>> Elapsed time:                 4.50 secs
>> Data transferred:             0.01 MB
>> Response time:                        0.59 secs
>> Transaction rate:           155.11 trans/sec
>> Throughput:                   0.00 MB/sec
>> Concurrency:                 92.15
>> Successful transactions:         698
>> Failed transactions:             0
>> Longest transaction:          1.14
>> Shortest transaction:         0.07
>>
>> This is on a Zenbook UX31E which is a damn good machine but it still shows a huge difference between both of them. And the more you try to accept at the same time, the longest time it can take to accept.
>>
>> --
>> Loïc Hoguin
>> Erlang Cowboy
>> Nine Nines
>
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions



More information about the erlang-questions mailing list