[erlang-questions] Erlang accepting SSL connection is really slow (comparing to C++)
Ali Sabil
ali.sabil@REDACTED
Tue Apr 10 18:50:29 CEST 2012
Hi Morgan,
Did you check which cipher is being used in your c++ server vs the
erlang server? DHE ciphers are notably slow.
You can check which cipher suite is being used with:
openssl s_client -host HOST -port PORT
On Tue, Apr 10, 2012 at 6:19 PM, Morgan Segalis <msegalis@REDACTED> wrote:
> Hi Loïc,
>
> That's what I was afraid of.
>
> Then what would be the best workaround in order to outcome this slowness of Erlang's SSL ?
> Using a C++ Driver ? would that be even possible to pass a Socket to the driver for it to upgrade it into a SSL one ?
>
> Thanks.
>
> Le 10 avr. 2012 à 17:56, Loïc Hoguin a écrit :
>
>> Hello!
>>
>> On 04/10/2012 05:27 PM, SEGALIS Morgan wrote:
>> [...]
>>> While it will take 10 second to a ssl accepting bit of C++ code to accept
>>> all of them (which don't even have multiple accept pending), in Erlang this
>>> is quite different. It will accept at most 20 connections a second
>>> (according to netstat info, whilst C++ accept more like 1K connection per
>>> seconds)
>>>
>>> While the 10K connections are awaiting for acceptance, I'm manually trying
>>> to connect as well.
>>>
>>> openssl s_client -ssl3 -ign_eof -connect myserver.com:4242
>>>
>>> 3 cases happen when I do :
>>>
>>> - Connection simply timeout
>>> - Connection will connect after waiting for it 30 sec. at least
>>> - Connection will occur almost directly
>>
>> The OTP SSL code is just very slow, and AFAIK the reason for this is that it's done in full Erlang. Here's a quick and dirty comparison between HTTP and HTTPS in Cowboy, where only the transport used differs:
>>
>> HTTP:
>>
>> % siege -b -c 100 http://localhost:8080/
>> ** SIEGE 2.70
>> ** Preparing 100 concurrent users for battle.
>> The server is now under siege...^C
>> Lifting the server siege... done.
>> Transactions: 49266 hits
>> Availability: 100.00 %
>> Elapsed time: 5.94 secs
>> Data transferred: 0.56 MB
>> Response time: 0.01 secs
>> Transaction rate: 8293.94 trans/sec
>> Throughput: 0.09 MB/sec
>> Concurrency: 99.36
>> Successful transactions: 49266
>> Failed transactions: 0
>> Longest transaction: 0.06
>> Shortest transaction: 0.00
>>
>> HTTPS:
>>
>> % siege -b -c 100 https://localhost:8443/
>> ** SIEGE 2.70
>> ** Preparing 100 concurrent users for battle.
>> The server is now under siege...^C
>> Lifting the server siege... done.
>> Transactions: 698 hits
>> Availability: 100.00 %
>> Elapsed time: 4.50 secs
>> Data transferred: 0.01 MB
>> Response time: 0.59 secs
>> Transaction rate: 155.11 trans/sec
>> Throughput: 0.00 MB/sec
>> Concurrency: 92.15
>> Successful transactions: 698
>> Failed transactions: 0
>> Longest transaction: 1.14
>> Shortest transaction: 0.07
>>
>> This is on a Zenbook UX31E which is a damn good machine but it still shows a huge difference between both of them. And the more you try to accept at the same time, the longest time it can take to accept.
>>
>> --
>> Loïc Hoguin
>> Erlang Cowboy
>> Nine Nines
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
More information about the erlang-questions
mailing list