SSL in Erlang/OTP

Alexey Shchepin alexey@REDACTED
Mon Nov 17 21:48:11 CET 2003


Hi!

Can anyone help with following issues with SSL application?

* ssl:accept locks when when one TCP connection is established, but SSL
  handshake is not finished.  E.g. if Yaws is listen for SSL connections on
  port 443 and someone runs "telnet this.server 443" (note that this is not
  SSL-enabled telnet), then noone will be able to retreive web pages via this
  port until this connection will be closed.  As temporary solution I use
  ssl:accept with small timeout value, but this is just workaround.  IMHO
  ssl:accept should not have such behaviour.

* ssl:send locks if another process runs ssl:recv on the same port.  And I
  can't use "{active, true}" option, because I need flow control.  Again, as a
  temporary solution I use timeout value in ssl:recv/3, so ssl:send can work
  several times in second.  But this makes notable increase of CPU load:
  e.g. with ejabberd on jabber.ru (~440 connected users, ~100 using SSL) with
  20ms timeout -- CPU load is ~40%, with 200ms -- 9-12%, with SSL switched
  off -- 3-4%.

* (Feature Request) Many protocols have some kinds of STARTTLS command
  (e.g. IMAP, POP3 (RFC2595), Jabber/XMPP).  So this would be great to have
  ability to convert gen_tcp sockets to ssl ones.




More information about the erlang-questions mailing list