[erlang-questions] SSL performance

Jesper Louis Andersen jesper.louis.andersen@REDACTED
Wed Feb 11 15:32:59 CET 2015

On Wed, Feb 11, 2015 at 12:38 PM, SeanD <seand-erlang@REDACTED> wrote:

> Transferring a 200MB binary between 2 nodes on the same machine using
> gen_tcp is taking between 100 and 200 microseconds, whilst transferring the
> same binary using ssl usually takes around 3 seconds!  I'm currently using
> R16B01, but can happily move to a later version if this is required.

I have a Core i7-4900MQ, which is a pretty fast Haswell core.

Using the crypto application, encrypting 200 megabytes of 0'es with aes_ctr
mode, IV = 16 bytes of 0'es, key = binary:copy(<<"foobar">>, 4) (192 bit
key) takes 1.7 seconds. This is going to be the lower bound of an AES
stream in CTR mode. If your core is slower, then 3 seconds doesn't sound

Using the `enacl` application[0], Running 200 megabytes of 0'es through a
secretbox (xsalsa20 cipher + poly1305 MAC!, it is more secure than AES-CTR)
with a nonce of 24 bytes and a 256 bit secret key takes 397 milliseconds.
If you had picked a sane cryptographic library, this would have been the
lower limit :)

Fact is, I can encrypt-then-mac 4.3 times faster than SSL can encrypt in
AES-CTR mode.

In any case, I don't think you are experiencing anything odd, besides slow
cryptographic primitives.

[0] https://github.com/jlouis/enacl - Full disclosure: I'm the author, and
it requires OTP 17.3+ since it uses Steve Vinoski's dirty scheduler feature.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150211/cc5e1360/attachment.htm>

More information about the erlang-questions mailing list