[erlang-questions] Erlang & TLS Termination

Frank Muller frank.muller.erl@REDACTED
Wed Sep 5 16:01:36 CEST 2018


Thanks Fred. Forgot to mention that I’ve already read your blog post about
this.

/Frank

<mononcqc@REDACTED> wrote:

> During my time at Heroku, we managed to make the Erlang TLS implementation
> (as a server) perform on par with Amazon's ELB stack -- it was something
> like 1-2ms (out of like 13-15ms) slower on the median case, but several
> seconds (if not minutes!) faster in the worst case, per connection, overall
> much more stable. We needed to patch a few things, but since around OTP-20,
> all of these have made it to upstream in OTP.
>
> The type of configuration used is described in a gist at
> https://gist.github.com/ferd/af9abf6b3600d2d7f08dba58fdfb514a -- the
> format changed in OTP-21, but the most important parts are all there.
>
> In short, it relies mostly on:
> - good configuration of cache (mostly disabling a bunch of them when you
> don't need disk cache)
> - good configuration of preferred cipher suites and ECCs (picking more
> complex ones than required slows things down -- i.e. picking a secp512 ECC
> instead of secp256 one iirc almost doubled the handshake time compared to
> AWS until we replicated their configurations)
>
>
> On Wed, Sep 5, 2018 at 9:19 AM, Frank Muller <frank.muller.erl@REDACTED>
> wrote:
>
>> Hi guys
>>
>> Would like to hear from your experience(s) on using Erlang with TLS/SSL.
>> The default Erlang stack doesn't perform well, Google says.
>>
>> Does anyone use Erlang in production behind:
>>
>> . Hitch: https://hitch-tls.org/
>> . Envoy: https://www.envoyproxy.io/
>> . HAProxy: http://www.haproxy.org/
>> . ???
>>
>> Or directly using:
>> . gen_ssl: how to make it scale?
>> . fast_tls: https://github.com/processone/fast_tls
>> . ???
>>
>> Some of the solutions above are fast, some scale well ... but all with
>> downsides (ex. Hitch adds 200kiB overhead per connection).
>>
>> We’re planning to go live with a fairly large number of secure
>> connections: 45k - 75k. The sessions should be short (few seconds).
>> Transferred data should range between 50KiB to 1miB max.
>>
>> Insights and/or feedback are very welcome.
>>
>> /Frank
>
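
A server-side option set along the lines of the two points in the quoted message (caches, then cipher suites and curves), as an added example that is not from the thread, the linked gist or OTP itself. The module name, the cipher filter and the choice of `bypass_pem_cache` as the cache to turn off are assumptions; it targets OTP 20.3 or later.

```erlang
%% Added example: constructed for this page, not the gist's or Heroku's config.
%% Assumes OTP 20.3 or later (ssl:cipher_suites/2, ssl:filter_cipher_suites/2).
-module(tls_term_opts).
-export([listen_opts/2, start/3]).

%% Curves in server preference order. Only the 256-bit curve is offered,
%% since the larger curve is what the message above reports as roughly
%% doubling handshake time.
preferred_curves() ->
    Supported = ssl:eccs(),
    [C || C <- [secp256r1], lists:member(C, Supported)].

%% Keep only ECDHE key exchange with AES-GCM out of the runtime's defaults.
%% This particular filter is an assumption, not a list taken from the thread.
preferred_ciphers() ->
    Kex = fun(ecdhe_rsa) -> true; (ecdhe_ecdsa) -> true; (_) -> false end,
    Enc = fun(aes_128_gcm) -> true; (aes_256_gcm) -> true; (_) -> false end,
    ssl:filter_cipher_suites(ssl:cipher_suites(default, 'tlsv1.2'),
                             [{key_exchange, Kex}, {cipher, Enc}]).

listen_opts(CertFile, KeyFile) ->
    case preferred_curves() of
        [] -> error(no_supported_curve);
        Curves ->
            [{certfile, CertFile}, {keyfile, KeyFile},
             {versions, ['tlsv1.2']},
             {ciphers, preferred_ciphers()},
             {eccs, Curves},
             %% Server order wins, so a client cannot steer the handshake
             %% toward a costlier suite or curve.
             {honor_cipher_order, true},
             {honor_ecc_order, true},
             %% Short-lived connections: do not keep server-side sessions.
             {reuse_sessions, false},
             {reuseaddr, true}, {active, false}, binary]
    end.

start(Port, CertFile, KeyFile) ->
    %% Set before the ssl application starts. bypass_pem_cache is assumed
    %% here to be one of the caches worth turning off.
    _ = application:load(ssl),
    ok = application:set_env(ssl, bypass_pem_cache, true),
    {ok, _} = application:ensure_all_started(ssl),
    ssl:listen(Port, listen_opts(CertFile, KeyFile)).
```

Comparing `ssl:connection_information/1` on an accepted socket against these lists confirms which suite and curve a given client actually negotiated.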