[erlang-questions] Erlang accepting SSL connection is really slow (comparing to C++)

Red Davies <>
Tue Apr 10 20:37:31 CEST 2012


Greetings!

On Tue, Apr 10, 2012 at 12:50 PM, Ali Sabil <> wrote:

> Hi Morgan,
>
> Did you check which cipher is being used in your c++ server vs the
> erlang server? DHE ciphers are notably slow.
>
> You can check which cipher suite is being used with:
>    openssl s_client -host HOST -port PORT
>

Actually - this isn't completely true.  What the above command gives you is
the specific cipher that openssl and your server negotiated FOR THAT
SESSION.  Both clients and servers typically support multiple ciphers and
versions.  During the SSL setup the two parties negotiate to find the most
secure algorithm that they both support.

There is every chance that openssl and your benchmarking software are
utilising two different algorithms.

To identify which algorithms are supported you need to use a tool such as
THCSSLCheck: http://www.thc.org/root/tools/THCSSLCheck.zip

Example output:

:~/Downloads/thc$ wine THCSSLCheck.exe www.erlang.org 443


------------------------------------------------------------------------
THCSSLCheck v0.1 - coding johnny cyberpunk (www.thc.org) 2004
------------------------------------------------------------------------

[*] testing if port is up. pleaze wait...
[*] port is up !
[*] testing if service speaks SSL ...
[*] service speaks SSL !


[*] now testing SSLv2
----------------------------------------------------------------------
                  DES-CBC3-MD5 - 168 Bits - unsupported
                  IDEA-CBC-MD5 - 128 Bits - unsupported
                   RC2-CBC-MD5 - 128 Bits - unsupported
                       RC4-MD5 - 128 Bits - unsupported
                    RC4-64-MD5 -  64 Bits - unsupported
                   DES-CBC-MD5 -  56 Bits - unsupported
               EXP-RC2-CBC-MD5 -  40 Bits - unsupported
                   EXP-RC4-MD5 -  40 Bits - unsupported


[*] now testing SSLv3
----------------------------------------------------------------------
            DHE-RSA-AES256-SHA - 256 Bits -   supported
            DHE-DSS-AES256-SHA - 256 Bits - unsupported
                    AES256-SHA - 256 Bits -   supported
          EDH-RSA-DES-CBC3-SHA - 168 Bits -   supported
          EDH-DSS-DES-CBC3-SHA - 168 Bits - unsupported
                  DES-CBC3-SHA - 168 Bits -   supported
            DHE-RSA-AES128-SHA - 128 Bits -   supported
            DHE-DSS-AES128-SHA - 128 Bits - unsupported
                    AES128-SHA - 128 Bits -   supported
                  IDEA-CBC-SHA - 128 Bits - unsupported
               DHE-DSS-RC4-SHA - 128 Bits - unsupported
                       RC4-SHA - 128 Bits -   supported
                       RC4-MD5 - 128 Bits -   supported
   EXP1024-DHE-DSS-DES-CBC-SHA -  56 Bits - unsupported
           EXP1024-DES-CBC-SHA -  56 Bits - unsupported
           EXP1024-RC2-CBC-MD5 -  56 Bits - unsupported
           EDH-RSA-DES-CBC-SHA -  56 Bits -   supported
           EDH-DSS-DES-CBC-SHA -  56 Bits - unsupported
                   DES-CBC-SHA -  56 Bits -   supported
       EXP1024-DHE-DSS-RC4-SHA -  56 Bits - unsupported
               EXP1024-RC4-SHA -  56 Bits - unsupported
               EXP1024-RC4-MD5 -  56 Bits - unsupported
       EXP-EDH-RSA-DES-CBC-SHA -  40 Bits - unsupported
       EXP-EDH-DSS-DES-CBC-SHA -  40 Bits - unsupported
               EXP-DES-CBC-SHA -  40 Bits - unsupported
               EXP-RC2-CBC-MD5 -  40 Bits - unsupported
                   EXP-RC4-MD5 -  40 Bits - unsupported


[*] now testing TLSv1
----------------------------------------------------------------------
            DHE-RSA-AES256-SHA - 256 Bits -   supported
            DHE-DSS-AES256-SHA - 256 Bits - unsupported
                    AES256-SHA - 256 Bits -   supported
          EDH-RSA-DES-CBC3-SHA - 168 Bits -   supported
          EDH-DSS-DES-CBC3-SHA - 168 Bits - unsupported
                  DES-CBC3-SHA - 168 Bits -   supported
            DHE-RSA-AES128-SHA - 128 Bits -   supported
            DHE-DSS-AES128-SHA - 128 Bits - unsupported
                    AES128-SHA - 128 Bits -   supported
                  IDEA-CBC-SHA - 128 Bits - unsupported
               DHE-DSS-RC4-SHA - 128 Bits - unsupported
                       RC4-SHA - 128 Bits -   supported
                       RC4-MD5 - 128 Bits -   supported
   EXP1024-DHE-DSS-DES-CBC-SHA -  56 Bits - unsupported
           EXP1024-DES-CBC-SHA -  56 Bits - unsupported
           EXP1024-RC2-CBC-MD5 -  56 Bits - unsupported
           EDH-RSA-DES-CBC-SHA -  56 Bits -   supported
           EDH-DSS-DES-CBC-SHA -  56 Bits - unsupported
                   DES-CBC-SHA -  56 Bits -   supported
       EXP1024-DHE-DSS-RC4-SHA -  56 Bits - unsupported
               EXP1024-RC4-SHA -  56 Bits - unsupported
               EXP1024-RC4-MD5 -  56 Bits - unsupported
       EXP-EDH-RSA-DES-CBC-SHA -  40 Bits - unsupported
       EXP-EDH-DSS-DES-CBC-SHA -  40 Bits - unsupported
               EXP-DES-CBC-SHA -  40 Bits - unsupported
               EXP-RC2-CBC-MD5 -  40 Bits - unsupported
                   EXP-RC4-MD5 -  40 Bits - unsupported

Kind Regards,



Red
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20120410/d5857106/attachment.html>


More information about the erlang-questions mailing list