limitations of SSL

Nicolas Niclausse nicolas.niclausse@REDACTED
Tue Nov 25 18:39:51 CET 2003


>>>>> "Peter" == Peter Högfeldt <peter@REDACTED> writes:

 >> The SSL Release Notes state that «Erlang SSL application does not
 >> support session », and hence you can't reuse SSL id across
 >> connections; is it planned for the next release of Erlang ?

 Peter> No, there are currently no such plans.

too bad

 >>  I tried to handle more than 1024 concurrent connections with Yaws;
 >> it works well with HTTP (I raised my system's limit with 'ulimit -n
 >> 2048'), but doesn't with HTTPS (on a Linux system with Erlang R9C).
 >> Is it possible to raise this limit with HTTPS (SSL) ?

 Peter> In the Erlang/OTP SSL port program one (1) socket is required
 Peter> for each listen, and two (2) sockets are required for successful
 Peter> connect or accept (one socket to the outside world, one socket
 Peter> to the Erlang OS process).


Yes, I understand that; my application is a proxy using SSL in both
ways, therefore 4 sockets are used for each client.

The problem is that the max number of file descriptors used by ssl_esock
is set at compile time (FD_SETSIZE). That's not the case with gen_tcp.

Therefore (on Linux) by default, my proxy can't handle more than 256
simultaneous users ...

I can try to raise FD_SETSIZE and recompile Erlang, but it should be
easier than that, no ?

-- 
Nicolas NICLAUSSE                       IDEALX S.A.S.
Tél:01 44 42 00 00                      http://IDEALX.com/
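
The descriptor budget discussed in this message, as an added C example (not code from Erlang/OTP or ssl_esock): it assumes a select()-style loop bounded by FD_SETSIZE, as the message describes, and all function names are hypothetical. It shows why a descriptor numbered at or above FD_SETSIZE has to be rejected before FD_SET(), even after 'ulimit -n' is raised, and that poll() has no such cap.

```c
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* From the message: 2 sockets per SSL connection, SSL on both proxy legs. */
#define FDS_PER_CLIENT 4
int max_clients(int fd_budget) { return fd_budget / FDS_PER_CLIENT; }

/* FD_SET() on fd >= FD_SETSIZE writes outside the fd_set; refuse it. */
int checked_fd_set(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_SET(fd, set);
    return 0;
}

/* poll() takes an array, so the fd's numeric value is not capped. */
int readable_with_poll(int fd)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    return poll(&p, 1, 0) == 1 && (p.revents & POLLIN) != 0;
}

/* Duplicate fd to a number >= FD_SETSIZE, raising the soft limit the way
 * 'ulimit -n 2048' does. Returns -1 if the hard limit is too low. */
int dup_above_fd_setsize(int fd)
{
    struct rlimit rl;
    const rlim_t want = 2 * FD_SETSIZE;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < want) {
        rl.rlim_cur = rl.rlim_max < want ? rl.rlim_max : want;
        setrlimit(RLIMIT_NOFILE, &rl); /* best effort */
    }
    return fcntl(fd, F_DUPFD, FD_SETSIZE);
}

int main(void)
{
    int p[2], hi;
    if (pipe(p) != 0 || write(p[1], "x", 1) != 1)
        return 1;
    hi = dup_above_fd_setsize(p[0]);
    printf("%d fds -> %d clients; fd %d poll-readable: %d\n", FD_SETSIZE,
           max_clients(FD_SETSIZE), hi, hi >= 0 && readable_with_poll(hi));
    return 0;
}
```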
