[erlang-questions] SSL performance
Mon Feb 16 22:34:53 CET 2015
There is a reason for using only one process, as receiving of a message can
change the conditions for sending, but yes we are aware of this causing
And we are considering ways of handling this in other ways, although we
have a lot to do at the moment so no promises on when the official solution
the solution will be released.
Regards Ingela Erlang/OTP team - Ericsson AB
2015-02-11 17:30 GMT+01:00 Sean Cribbs <sean@REDACTED>:
> It doesn't sound like you're running into this, but we recently found
> there to be a potential deadlock in the ssl connection under high
> throughput, patched on our fork of OTP here:
> On Wed, Feb 11, 2015 at 10:11 AM, Andreas Schultz <aschultz@REDACTED>
>> ----- On 11 Feb, 2015, at 16:59, Loïc Hoguin essen@REDACTED wrote:
>> > On 02/11/2015 04:29 PM, Andreas Schultz wrote:
>> >> The cause for this is not the cryptographic library, but Erlang's
>> interface to
>> >> it.
>> >> Erlang's crypto application uses a non-optimized OpenSSL API to
>> execute the AES
>> >> encryption, while enacl seems to uses an highly optimized version.
>> >> Normally when doing AES, you first have to schedule the key, creating
>> >> encryption
>> >> context and then reuse that context for every block. Since the crypto
>> >> application
>> >> doesn't have stream_cipher versions of AES, it has to go through the
>> >> scheduling
>> >> on every invocation (every block). Also, OpenSSL can use assembler
>> optimized AES
>> >> functions on modern CPU's, but those are only available when OpenSSL's
>> >> interfaces
>> >> are used. Erlang's crypto does not use those.
>> > I have seen some work around EVP in the past few months. Is this not
>> > what you are talking about?
>> > commit 425a34001fdd5de8396c5c9903f4f38a9d49a15c
>> > Author: Alex Wilson <alex@REDACTED>
>> > Date: Thu Oct 9 21:39:29 2014 +1000
>> > crypto: use EVP for AES-CBC
>> > This enables the use of hardware acceleration for AES crypto
>> > on newer Intel CPUs (AES-NI), among other platforms.
>> That is a good step in the right direction. Still, it has to recreate the
>> EVP crypto context for every invocation. There was a discussion about
>> keeping the EVP context between invocations and use the crypto
>> stream_encrypt/decrypt instead. That would eliminate the overhead of the
>> context creation between calls.
>> > Cheers.
>> > --
>> > Loïc Hoguin
>> > http://ninenines.eu
>> Dipl. Inform.
>> Andreas Schultz
>> erlang-questions mailing list
> Sean Cribbs <sean@REDACTED>
> Sr. Software Engineer
> Basho Technologies, Inc.
> erlang-questions mailing list
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions