[erlang-questions] SSL number of connections

Ferenc Holzhauser ferenc.holzhauser@REDACTED
Wed Feb 2 02:01:24 CET 2011


Hi,

Thanks a lot for the hint!
It looks lot better indeed with R14.

Best Regards,
Ferenc

On 1 February 2011 19:15, Kaiduan Xie <kaiduanx@REDACTED> wrote:

> Ferenc,
>
> I have been working a project with Erlang SSL for a while. For better
> performance, please use R14B01. In Erlang, old SSL uses openssl, and
> ssl_esock talks to Erlang in a port. Starting from R14, new ssl is
> introduced where all SSL negotiation is done in Erlang instead of
> openssl, only libcrypto is used in new ssl for encryption/decryption.
>
> So far, I am very happy with the performance of new SSL. I managed to
> server 100K SSL concurrent connections without any problem.
>
> Best regards,
>
> /Kaiduan
>
> On Tue, Feb 1, 2011 at 11:55 AM, Ferenc Holzhauser
> <ferenc.holzhauser@REDACTED> wrote:
> > Hi,
> >
> > I'd like to use a lot (I was aiming at 20-30k) of active SSL connections
> > from an Erlang app.
> > I expected it to be no problem (assuming I have done all OS limit/kernel
> and
> > Erlang max port settings correctly).
> >
> > I've come across 2 things though that have ruined my expectations.
> >
> > 1.
> > Apparently ssl_esock opens a pair of local TCP connections to itself
> > (according to lsof) on port 53813 for each SSL connection I open from the
> > app.
> > I intended to use multiple source/destination addresses to get around the
> > TCP source port limitation and have more sessions. That trick won't work
> > then.
> >
> > I must confess I don't know the purpose of this local connection but I'd
> > really like to get rid of it if possible, is it?
> >
> > 2.
> > There seems to be only 1 ssl_esock process running on the machine
> eventually
> > eating up one CPU core (and not more) way before I'd reach any reasonable
> > number of connections or the beam process would become very busy.
> > It doesn't look very scalable. I have enough CPU power left and I'd
> really
> > want to convince SSL to use it.
> >
> > Am I overlooking something? Is it really not possible to have more
> ssl_esock
> > processes using more cores?
> >
> > I'm running R13B03 but I haven't found anything in R14 either addressing
> > these issues.
> >
> > Thank you for your help in advance,
> > Ferenc
> >
>


More information about the erlang-questions mailing list