<div dir="ltr">Thanks for the deadlock fix details Sean. This may not be affecting the enclosed test, but could potentially occur in my real application. <div><br></div><div>Loïc, Andreas, Thanks for the hints about upcoming improvements. I'll look into those.</div><div><br></div><div>Jesper, Thanks, We've to deal with HTTPS traffic, so am guessing enacl is of no use to me (at the moment)</div><div><br></div><div>Jon, the test was just to try and reproduce issues similar to what I was seeing elsewhere when accessing HTTPS servers. I was testing on a single machine in order to stop the network being the bottleneck. See my earlier email to see results when using different machines for server and client.</div><div><br></div><div>Thanks again all for your input,</div><div>Sean<br><div><br></div><div><br><div><br></div><div><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 11, 2015 at 4:30 PM, Sean Cribbs <span dir="ltr"><<a href="mailto:sean@basho.com" target="_blank">sean@basho.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">It doesn't sound like you're running into this, but we recently found there to be a potential deadlock in the ssl connection under high throughput, patched on our fork of OTP here:<div><br></div><div><a href="https://github.com/basho/otp/commit/e237383fe002af4f63f8419b35bac6f435856a38" target="_blank">https://github.com/basho/otp/commit/e237383fe002af4f63f8419b35bac6f435856a38</a><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 11, 2015 at 10:11 AM, Andreas Schultz <span dir="ltr"><<a href="mailto:aschultz@tpip.net" target="_blank">aschultz@tpip.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span><br>
<br>
----- On 11 Feb, 2015, at 16:59, Loïc Hoguin <a href="mailto:essen@ninenines.eu" target="_blank">essen@ninenines.eu</a> wrote:<br>
<br>
> On 02/11/2015 04:29 PM, Andreas Schultz wrote:<br>
>> The cause for this is not the cryptographic library, but Erlang's interface to<br>
>> it.<br>
>> Erlang's crypto application uses a non-optimized OpenSSL API to execute the AES<br>
>> encryption, while enacl seems to uses an highly optimized version.<br>
>><br>
>> Normally when doing AES, you first have to schedule the key, creating an<br>
>> encryption<br>
>> context and then reuse that context for every block. Since the crypto<br>
>> application<br>
>> doesn't have stream_cipher versions of AES, it has to go through the key<br>
>> scheduling<br>
>> on every invocation (every block). Also, OpenSSL can use assembler optimized AES<br>
>> functions on modern CPU's, but those are only available when OpenSSL's EVP<br>
>> interfaces<br>
>> are used. Erlang's crypto does not use those.<br>
><br>
> I have seen some work around EVP in the past few months. Is this not<br>
> what you are talking about?<br>
><br>
> commit 425a34001fdd5de8396c5c9903f4f38a9d49a15c<br>
> Author: Alex Wilson <<a href="mailto:alex@cooperi.net" target="_blank">alex@cooperi.net</a>><br>
> Date: Thu Oct 9 21:39:29 2014 +1000<br>
><br>
> crypto: use EVP for AES-CBC<br>
><br>
> This enables the use of hardware acceleration for AES crypto<br>
> on newer Intel CPUs (AES-NI), among other platforms.<br>
<br>
</span>That is a good step in the right direction. Still, it has to recreate the<br>
EVP crypto context for every invocation. There was a discussion about<br>
keeping the EVP context between invocations and use the crypto<br>
stream_encrypt/decrypt instead. That would eliminate the overhead of the<br>
context creation between calls.<br>
<span><font color="#888888"><br>
Andreas<br>
</font></span><span><br>
> Cheers.<br>
><br>
> --<br>
> Loïc Hoguin<br>
> <a href="http://ninenines.eu" target="_blank">http://ninenines.eu</a><br>
<br>
</span><span>--<span class=""><font color="#888888"><br>
--<br>
Dipl. Inform.<br>
Andreas Schultz<br>
</font></span></span><span class=""><font color="#888888"><div><div>_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
</div></div></font></span></blockquote></div><span class=""><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div>Sean Cribbs <<a href="mailto:sean@basho.com" target="_blank">sean@basho.com</a>><br>Sr. Software Engineer<br>Basho Technologies, Inc.<br><a href="http://basho.com/" target="_blank">http://basho.com/</a></div>
</font></span></div>
<br>_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
<br></blockquote></div><br></div></div></div></div></div>