[erlang-questions] SSL performance

Sean Cribbs sean@REDACTED
Wed Feb 11 17:30:49 CET 2015


It doesn't sound like you're running into this, but we recently found there
to be a potential deadlock in the ssl connection under high throughput,
patched on our fork of OTP here:

https://github.com/basho/otp/commit/e237383fe002af4f63f8419b35bac6f435856a38

On Wed, Feb 11, 2015 at 10:11 AM, Andreas Schultz <aschultz@REDACTED> wrote:

>
>
> ----- On 11 Feb, 2015, at 16:59, Loïc Hoguin essen@REDACTED wrote:
>
> > On 02/11/2015 04:29 PM, Andreas Schultz wrote:
> >> The cause for this is not the cryptographic library, but Erlang's
> interface to
> >> it.
> >> Erlang's crypto application uses a non-optimized OpenSSL API to execute
> the AES
> >> encryption, while enacl seems to uses an highly optimized version.
> >>
> >> Normally when doing AES, you first have to schedule the key, creating an
> >> encryption
> >> context and then reuse that context for every block. Since the crypto
> >> application
> >> doesn't have stream_cipher versions of AES, it has to go through the key
> >> scheduling
> >> on every invocation (every block). Also, OpenSSL can use assembler
> optimized AES
> >> functions on modern CPU's, but those are only available when OpenSSL's
> EVP
> >> interfaces
> >> are used. Erlang's crypto does not use those.
> >
> > I have seen some work around EVP in the past few months. Is this not
> > what you are talking about?
> >
> > commit 425a34001fdd5de8396c5c9903f4f38a9d49a15c
> > Author: Alex Wilson <alex@REDACTED>
> > Date:   Thu Oct 9 21:39:29 2014 +1000
> >
> >     crypto: use EVP for AES-CBC
> >
> >     This enables the use of hardware acceleration for AES crypto
> >     on newer Intel CPUs (AES-NI), among other platforms.
>
> That is a good step in the right direction. Still, it has to recreate the
> EVP crypto context for every invocation. There was a discussion about
> keeping the EVP context between invocations and use the crypto
> stream_encrypt/decrypt instead. That would eliminate the overhead of the
> context creation between calls.
>
> Andreas
>
> > Cheers.
> >
> > --
> > Loïc Hoguin
> > http://ninenines.eu
>
> --
> --
> Dipl. Inform.
> Andreas Schultz
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>



-- 
Sean Cribbs <sean@REDACTED>
Sr. Software Engineer
Basho Technologies, Inc.
http://basho.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150211/d19f63e3/attachment.htm>


More information about the erlang-questions mailing list