SSL in Erlang/OTP
Alexey Shchepin
alexey@REDACTED
Mon Nov 17 21:48:11 CET 2003
Hi!
Can anyone help with the following issues with the SSL application?
* ssl:accept locks when one TCP connection is established, but the SSL
handshake is not finished. E.g. if Yaws is listening for SSL connections on
port 443 and someone runs "telnet this.server 443" (note that this is not
SSL-enabled telnet), then no one will be able to retrieve web pages via this
port until this connection is closed. As a temporary solution I use
ssl:accept with a small timeout value, but this is just a workaround. IMHO
ssl:accept should not have such behaviour.
* ssl:send locks if another process runs ssl:recv on the same port. And I
can't use "{active, true}" option, because I need flow control. Again, as a
temporary solution I use a timeout value in ssl:recv/3, so ssl:send can work
several times a second. But this makes a notable increase in CPU load:
e.g. with ejabberd on jabber.ru (~440 connected users, ~100 using SSL) with
20ms timeout -- CPU load is ~40%, with 200ms -- 9-12%, with SSL switched
off -- 3-4%.
* (Feature Request) Many protocols have some kinds of STARTTLS command
(e.g. IMAP, POP3 (RFC2595), Jabber/XMPP). So it would be great to have the
ability to convert gen_tcp sockets to ssl ones.
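
The three points raised in this message, shown with the ssl API of later OTP releases: the handshake runs in a per-connection process with a deadline, `{active, once}` gives flow control without polling ssl:recv, and ssl:handshake/3 upgrades a gen_tcp socket. This is an added example, not part of the original post; it assumes OTP 21 or newer, and the module name, the 5-second timeout and the echo handler are illustrative.

```erlang
%% Added example, not from the original post. Assumes OTP 21 or newer.
-module(tls_acceptor).            % hypothetical module name
-export([start/2, starttls/2]).

-define(HANDSHAKE_TIMEOUT, 5000). % ms, assumed value

%% Opts must include the server's {certfile, _} and {keyfile, _}.
start(Port, Opts) ->
    {ok, _} = application:ensure_all_started(ssl),
    {ok, Listen} = ssl:listen(Port, [{active, false}, {reuseaddr, true} | Opts]),
    accept_loop(Listen).

accept_loop(Listen) ->
    %% transport_accept/1 completes only the TCP accept; no TLS bytes are read
    %% in this process, so a silent plain-TCP client cannot stall the acceptor.
    case ssl:transport_accept(Listen) of
        {ok, Sock} ->
            Pid = spawn(fun() -> receive go -> handshake(Sock) end end),
            ok = ssl:controlling_process(Sock, Pid),
            Pid ! go,
            accept_loop(Listen);
        {error, closed} -> ok;                 % listen socket was closed
        {error, _Other} -> accept_loop(Listen)
    end.

handshake(Sock) ->
    %% The handshake has its own deadline and runs beside the acceptor.
    case ssl:handshake(Sock, ?HANDSHAKE_TIMEOUT) of
        {ok, Tls}   -> serve(Tls);
        {error, _R} -> ok      % owner process exits, which releases the socket
    end.

%% Flow control without a recv loop: one message is delivered per {active, once},
%% and the process is free to call ssl:send/2 between deliveries.
serve(Tls) ->
    ok = ssl:setopts(Tls, [{active, once}]),
    receive
        {ssl, Tls, Data}       -> ok = ssl:send(Tls, Data), serve(Tls); % echo
        {ssl_closed, Tls}      -> ok;
        {ssl_error, Tls, _Why} -> ok
    end.

%% STARTTLS, server side: upgrade an accepted gen_tcp socket in place.
%% The socket must be passive before the client is told to start TLS.
starttls(TcpSock, Opts) ->
    ok = inet:setopts(TcpSock, [{active, false}]),
    ssl:handshake(TcpSock, Opts, ?HANDSHAKE_TIMEOUT).
```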