[erlang-questions] Erlang accepting SSL connection is really slow (comparing to C++)

Ali Sabil <>
Tue Apr 10 21:40:33 CEST 2012


Hi Red,

You are absolutely right, what I meant to say is that during the
negociation the best cipher/key exchange mechanism is generally
chosen, which is great for security, but sometimes not so great for
performance :)

On Tue, Apr 10, 2012 at 8:37 PM, Red Davies <> wrote:
> Greetings!
>
> On Tue, Apr 10, 2012 at 12:50 PM, Ali Sabil <> wrote:
>>
>> Hi Morgan,
>>
>> Did you check which cipher is being used in your c++ server vs the
>> erlang server? DHE ciphers are notably slow.
>>
>> You can check which cipher suite is being used with:
>>    openssl s_client -host HOST -port PORT
>
>
> Actually - this isn't completely true.  What the above command gives you is
> the specific cipher that openssl and your server negotiated FOR THAT
> SESSION.  Both clients and servers typically support multiple ciphers and
> versions.  During the SSL setup the two parties negotiate to find the most
> secure algorithm that they both support.
>
> There is every chance that openssl and your benchmarking software are
> utilising two different algorithms.
>
> To identify which algorithms are supported you need to use a tool such as
> THCSSLCheck: http://www.thc.org/root/tools/THCSSLCheck.zip
>
> Example output:
>
> :~/Downloads/thc$ wine THCSSLCheck.exe www.erlang.org 443
>
>
> ------------------------------------------------------------------------
> THCSSLCheck v0.1 - coding johnny cyberpunk (www.thc.org) 2004
> ------------------------------------------------------------------------
>
> [*] testing if port is up. pleaze wait...
> [*] port is up !
> [*] testing if service speaks SSL ...
> [*] service speaks SSL !
>
>
> [*] now testing SSLv2
> ----------------------------------------------------------------------
>                   DES-CBC3-MD5 - 168 Bits - unsupported
>                   IDEA-CBC-MD5 - 128 Bits - unsupported
>                    RC2-CBC-MD5 - 128 Bits - unsupported
>                        RC4-MD5 - 128 Bits - unsupported
>                     RC4-64-MD5 -  64 Bits - unsupported
>                    DES-CBC-MD5 -  56 Bits - unsupported
>                EXP-RC2-CBC-MD5 -  40 Bits - unsupported
>                    EXP-RC4-MD5 -  40 Bits - unsupported
>
>
> [*] now testing SSLv3
> ----------------------------------------------------------------------
>             DHE-RSA-AES256-SHA - 256 Bits -   supported
>             DHE-DSS-AES256-SHA - 256 Bits - unsupported
>                     AES256-SHA - 256 Bits -   supported
>           EDH-RSA-DES-CBC3-SHA - 168 Bits -   supported
>           EDH-DSS-DES-CBC3-SHA - 168 Bits - unsupported
>                   DES-CBC3-SHA - 168 Bits -   supported
>             DHE-RSA-AES128-SHA - 128 Bits -   supported
>             DHE-DSS-AES128-SHA - 128 Bits - unsupported
>                     AES128-SHA - 128 Bits -   supported
>                   IDEA-CBC-SHA - 128 Bits - unsupported
>                DHE-DSS-RC4-SHA - 128 Bits - unsupported
>                        RC4-SHA - 128 Bits -   supported
>                        RC4-MD5 - 128 Bits -   supported
>    EXP1024-DHE-DSS-DES-CBC-SHA -  56 Bits - unsupported
>            EXP1024-DES-CBC-SHA -  56 Bits - unsupported
>            EXP1024-RC2-CBC-MD5 -  56 Bits - unsupported
>            EDH-RSA-DES-CBC-SHA -  56 Bits -   supported
>            EDH-DSS-DES-CBC-SHA -  56 Bits - unsupported
>                    DES-CBC-SHA -  56 Bits -   supported
>        EXP1024-DHE-DSS-RC4-SHA -  56 Bits - unsupported
>                EXP1024-RC4-SHA -  56 Bits - unsupported
>                EXP1024-RC4-MD5 -  56 Bits - unsupported
>        EXP-EDH-RSA-DES-CBC-SHA -  40 Bits - unsupported
>        EXP-EDH-DSS-DES-CBC-SHA -  40 Bits - unsupported
>                EXP-DES-CBC-SHA -  40 Bits - unsupported
>                EXP-RC2-CBC-MD5 -  40 Bits - unsupported
>                    EXP-RC4-MD5 -  40 Bits - unsupported
>
>
> [*] now testing TLSv1
> ----------------------------------------------------------------------
>             DHE-RSA-AES256-SHA - 256 Bits -   supported
>             DHE-DSS-AES256-SHA - 256 Bits - unsupported
>                     AES256-SHA - 256 Bits -   supported
>           EDH-RSA-DES-CBC3-SHA - 168 Bits -   supported
>           EDH-DSS-DES-CBC3-SHA - 168 Bits - unsupported
>                   DES-CBC3-SHA - 168 Bits -   supported
>             DHE-RSA-AES128-SHA - 128 Bits -   supported
>             DHE-DSS-AES128-SHA - 128 Bits - unsupported
>                     AES128-SHA - 128 Bits -   supported
>                   IDEA-CBC-SHA - 128 Bits - unsupported
>                DHE-DSS-RC4-SHA - 128 Bits - unsupported
>                        RC4-SHA - 128 Bits -   supported
>                        RC4-MD5 - 128 Bits -   supported
>    EXP1024-DHE-DSS-DES-CBC-SHA -  56 Bits - unsupported
>            EXP1024-DES-CBC-SHA -  56 Bits - unsupported
>            EXP1024-RC2-CBC-MD5 -  56 Bits - unsupported
>            EDH-RSA-DES-CBC-SHA -  56 Bits -   supported
>            EDH-DSS-DES-CBC-SHA -  56 Bits - unsupported
>                    DES-CBC-SHA -  56 Bits -   supported
>        EXP1024-DHE-DSS-RC4-SHA -  56 Bits - unsupported
>                EXP1024-RC4-SHA -  56 Bits - unsupported
>                EXP1024-RC4-MD5 -  56 Bits - unsupported
>        EXP-EDH-RSA-DES-CBC-SHA -  40 Bits - unsupported
>        EXP-EDH-DSS-DES-CBC-SHA -  40 Bits - unsupported
>                EXP-DES-CBC-SHA -  40 Bits - unsupported
>                EXP-RC2-CBC-MD5 -  40 Bits - unsupported
>                    EXP-RC4-MD5 -  40 Bits - unsupported
>
> Kind Regards,
>
>
>
> Red
>


More information about the erlang-questions mailing list