limitations of SSL
Peter Högfeldt
peter@REDACTED
Wed Nov 26 20:48:28 CET 2003
On Tue, 25 Nov 2003, Nicolas Niclausse wrote:
> >>>>> "Peter" == Peter Högfeldt <peter@REDACTED> writes:
>
> >> The SSL Release Notes state that «Erlang SSL application does not
> >> support session », and hence you can't reuse SSL id across
> >> connections; Is it planned for the next release of Erlang ?
>
> Peter> No, there are currently no such plans.
>
> too bad
>
> >> I tried to handle more than 1024 concurrent connections with Yaws;
> >> it works well with HTTP (I raised my system's limit with 'ulimit -n
> >> 2048'), but doesn't with HTTPS (on a Linux system with erlang R9C).
> >> Is it possible to raise this limit with HTTPS (SSL) ?
>
> Peter> In the Erlang/OTP SSL port program one (1) socket is required
> Peter> for each listen, and two (2) sockets are required for successful
> Peter> connect or accept (one socket to the outside world, one socket
> Peter> to the Erlang OS process).
>
>
> Yes, I understand that; my application is a proxy using ssl in both
> ways, therefore 4 sockets are used for each client.
>
> The problem is that the max number of file descriptors used by ssl_esock
> is set at compile time (FD_SETSIZE). That's not the case with gen_tcp
>
> Therefore (on Linux) by default, my proxy can't handle more than 256
> simultaneous users ...
>
> I can try to raise FD_SETSIZE and recompile erlang, but it should be
> easier than that, no ?

Yes, it should be easier than that, but currently it is not.

On recent versions of Unix you can set FD_SETSIZE at compile time (on
the now quite old Redhat 7.2 (linux-2.4.7-10) you can't, but on later
versions I think you can; on Solaris 8 you can).

An immediate solution for you would then be to rebuild the SSL port
program (ssl_esock) with FD_SETSIZE set, for instance in the Makefile (I
assume you know how to do that).

The "final" solution is to replace `select' with `poll', which does
not have a FD_SETSIZE limitation; at least for Unix.

I will add the improvement request to our todo-list for the next
release.

/Peter
>
> --
> Nicolas NICLAUSSE IDEALX S.A.S.
> Tél:01 44 42 00 00 http://IDEALX.com/
>
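
The select/poll difference discussed in this thread, as an added example that is not part of the original messages and is not taken from the ssl_esock source. The function names are hypothetical; the pipe is constructed test input.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Added example, hypothetical helper names. Both return 1 if fd is readable,
 * 0 on timeout, -1 on error. select() keeps descriptors in a fixed bitmap of
 * FD_SETSIZE bits; FD_SET() on a higher-numbered descriptor would write
 * outside the fd_set, so refuse it up front. */
int readable_select(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv = { .tv_sec = timeout_ms / 1000,
                          .tv_usec = (timeout_ms % 1000) * 1000 };
    if (fd < 0 || fd >= FD_SETSIZE) { errno = EMFILE; return -1; }
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    int n = select(fd + 1, &rfds, NULL, NULL, &tv);
    return n > 0 ? (FD_ISSET(fd, &rfds) != 0) : n;
}

/* poll() takes an array of struct pollfd, so the descriptor's numeric value
 * is bounded only by the process's open-file limit, not by FD_SETSIZE. */
int readable_poll(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int n = poll(&p, 1, timeout_ms);
    if (n > 0 && (p.revents & POLLNVAL)) { errno = EBADF; return -1; }
    return n > 0 ? ((p.revents & (POLLIN | POLLHUP)) != 0) : n;
}

/* Constructed input: read end of a pipe, optionally with one byte queued. */
int pipe_read_end(int with_data)
{
    int p[2];
    if (pipe(p) != 0) return -1;
    if (with_data && write(p[1], "x", 1) != 1) return -1;
    return p[0];
}

int main(void)
{
    int fd = pipe_read_end(1);
    printf("select: %d  poll: %d  select on fd %d: %d\n",
           readable_select(fd, 0), readable_poll(fd, 0),
           FD_SETSIZE, readable_select(FD_SETSIZE, 0));
    return 0;
}
```

Raising `ulimit -n` lets the process open descriptors above FD_SETSIZE, which is exactly when an unguarded `FD_SET` becomes an out-of-bounds write rather than a clean failure.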