[erlang-questions] Erlang accepting SSL connection is really slow (comparing to C++)

Morgan Segalis <>
Tue Apr 10 21:43:49 CEST 2012


Hi Ali,

I have tried almost all of them, giving only one ciphers  possibility per test.
It doesn't really change anything really… I was hoping for it :-(

Le 10 avr. 2012 à 21:35, Ali Sabil a écrit :

> Hi Morgan,
> 
> In order to change the cipher, you can pass the {ciphers, Ciphers}
> option to ssl:listen/2. The valid options for Ciphers can be retrieved
> using ssl:cipher_suites/0.
> 
> On Tue, Apr 10, 2012 at 7:16 PM, Morgan Segalis <> wrote:
>> Hi Ali,
>> 
>> It is indeed.
>> Cipher    : DHE-RSA-AES256-SHA
>> 
>> What would be the fastest Cipher, knowing that I don't really care about 128 or 256 encoding.
>> And How can I change the Cipher on the SSL options ?
>> 
>> Le 10 avr. 2012 à 18:50, Ali Sabil a écrit :
>> 
>>> Hi Morgan,
>>> 
>>> Did you check which cipher is being used in your c++ server vs the
>>> erlang server? DHE ciphers are notably slow.
>>> 
>>> You can check which cipher suite is being used with:
>>>    openssl s_client -host HOST -port PORT
>>> 
>>> On Tue, Apr 10, 2012 at 6:19 PM, Morgan Segalis <> wrote:
>>>> Hi Loïc,
>>>> 
>>>> That's what I was afraid of.
>>>> 
>>>> Then what would be the best workaround in order to outcome this slowness of Erlang's SSL ?
>>>> Using a C++ Driver ? would that be even possible to pass a Socket to the driver for it to upgrade it into a SSL one ?
>>>> 
>>>> Thanks.
>>>> 
>>>> Le 10 avr. 2012 à 17:56, Loïc Hoguin a écrit :
>>>> 
>>>>> Hello!
>>>>> 
>>>>> On 04/10/2012 05:27 PM, SEGALIS Morgan wrote:
>>>>> [...]
>>>>>> While it will take 10 second to a ssl accepting bit of C++ code to accept
>>>>>> all of them (which don't even have multiple accept pending), in Erlang this
>>>>>> is quite different. It will accept at most 20 connections a second
>>>>>> (according to netstat info, whilst C++ accept more like 1K connection per
>>>>>> seconds)
>>>>>> 
>>>>>> While the 10K connections are awaiting for acceptance, I'm manually trying
>>>>>> to connect as well.
>>>>>> 
>>>>>>     openssl s_client -ssl3 -ign_eof -connect myserver.com:4242
>>>>>> 
>>>>>> 3 cases happen when I do :
>>>>>> 
>>>>>>  - Connection simply timeout
>>>>>>  - Connection will connect after waiting for it 30 sec. at least
>>>>>>  - Connection will occur almost directly
>>>>> 
>>>>> The OTP SSL code is just very slow, and AFAIK the reason for this is that it's done in full Erlang. Here's a quick and dirty comparison between HTTP and HTTPS in Cowboy, where only the transport used differs:
>>>>> 
>>>>> HTTP:
>>>>> 
>>>>> % siege -b -c 100 http://localhost:8080/
>>>>> ** SIEGE 2.70
>>>>> ** Preparing 100 concurrent users for battle.
>>>>> The server is now under siege...^C
>>>>> Lifting the server siege...      done.
>>>>> Transactions:                49266 hits
>>>>> Availability:               100.00 %
>>>>> Elapsed time:                 5.94 secs
>>>>> Data transferred:             0.56 MB
>>>>> Response time:                        0.01 secs
>>>>> Transaction rate:          8293.94 trans/sec
>>>>> Throughput:                   0.09 MB/sec
>>>>> Concurrency:                 99.36
>>>>> Successful transactions:       49266
>>>>> Failed transactions:             0
>>>>> Longest transaction:          0.06
>>>>> Shortest transaction:         0.00
>>>>> 
>>>>> HTTPS:
>>>>> 
>>>>> % siege -b -c 100 https://localhost:8443/
>>>>> ** SIEGE 2.70
>>>>> ** Preparing 100 concurrent users for battle.
>>>>> The server is now under siege...^C
>>>>> Lifting the server siege...      done.
>>>>> Transactions:                  698 hits
>>>>> Availability:               100.00 %
>>>>> Elapsed time:                 4.50 secs
>>>>> Data transferred:             0.01 MB
>>>>> Response time:                        0.59 secs
>>>>> Transaction rate:           155.11 trans/sec
>>>>> Throughput:                   0.00 MB/sec
>>>>> Concurrency:                 92.15
>>>>> Successful transactions:         698
>>>>> Failed transactions:             0
>>>>> Longest transaction:          1.14
>>>>> Shortest transaction:         0.07
>>>>> 
>>>>> This is on a Zenbook UX31E which is a damn good machine but it still shows a huge difference between both of them. And the more you try to accept at the same time, the longest time it can take to accept.
>>>>> 
>>>>> --
>>>>> Loïc Hoguin
>>>>> Erlang Cowboy
>>>>> Nine Nines
>>>> 
>>>> _______________________________________________
>>>> erlang-questions mailing list
>>>> 
>>>> http://erlang.org/mailman/listinfo/erlang-questions
>> 




More information about the erlang-questions mailing list