[erlang-questions] Erlang accepting SSL connection is really slow (comparing to C++)
Ali Sabil
ali.sabil@REDACTED
Tue Apr 10 21:35:44 CEST 2012
Hi Morgan,
In order to change the cipher, you can pass the {ciphers, Ciphers}
option to ssl:listen/2. The valid options for Ciphers can be retrieved
using ssl:cipher_suites/0.
On Tue, Apr 10, 2012 at 7:16 PM, Morgan Segalis <msegalis@REDACTED> wrote:
> Hi Ali,
>
> It is indeed.
> Cipher : DHE-RSA-AES256-SHA
>
> What would be the fastest Cipher, knowing that I don't really care about 128 or 256 encoding.
> And How can I change the Cipher on the SSL options ?
>
> Le 10 avr. 2012 à 18:50, Ali Sabil a écrit :
>
>> Hi Morgan,
>>
>> Did you check which cipher is being used in your c++ server vs the
>> erlang server? DHE ciphers are notably slow.
>>
>> You can check which cipher suite is being used with:
>> openssl s_client -host HOST -port PORT
>>
>> On Tue, Apr 10, 2012 at 6:19 PM, Morgan Segalis <msegalis@REDACTED> wrote:
>>> Hi Loïc,
>>>
>>> That's what I was afraid of.
>>>
>>> Then what would be the best workaround in order to outcome this slowness of Erlang's SSL ?
>>> Using a C++ Driver ? would that be even possible to pass a Socket to the driver for it to upgrade it into a SSL one ?
>>>
>>> Thanks.
>>>
>>> Le 10 avr. 2012 à 17:56, Loïc Hoguin a écrit :
>>>
>>>> Hello!
>>>>
>>>> On 04/10/2012 05:27 PM, SEGALIS Morgan wrote:
>>>> [...]
>>>>> While it will take 10 second to a ssl accepting bit of C++ code to accept
>>>>> all of them (which don't even have multiple accept pending), in Erlang this
>>>>> is quite different. It will accept at most 20 connections a second
>>>>> (according to netstat info, whilst C++ accept more like 1K connection per
>>>>> seconds)
>>>>>
>>>>> While the 10K connections are awaiting for acceptance, I'm manually trying
>>>>> to connect as well.
>>>>>
>>>>> openssl s_client -ssl3 -ign_eof -connect myserver.com:4242
>>>>>
>>>>> 3 cases happen when I do :
>>>>>
>>>>> - Connection simply timeout
>>>>> - Connection will connect after waiting for it 30 sec. at least
>>>>> - Connection will occur almost directly
>>>>
>>>> The OTP SSL code is just very slow, and AFAIK the reason for this is that it's done in full Erlang. Here's a quick and dirty comparison between HTTP and HTTPS in Cowboy, where only the transport used differs:
>>>>
>>>> HTTP:
>>>>
>>>> % siege -b -c 100 http://localhost:8080/
>>>> ** SIEGE 2.70
>>>> ** Preparing 100 concurrent users for battle.
>>>> The server is now under siege...^C
>>>> Lifting the server siege... done.
>>>> Transactions: 49266 hits
>>>> Availability: 100.00 %
>>>> Elapsed time: 5.94 secs
>>>> Data transferred: 0.56 MB
>>>> Response time: 0.01 secs
>>>> Transaction rate: 8293.94 trans/sec
>>>> Throughput: 0.09 MB/sec
>>>> Concurrency: 99.36
>>>> Successful transactions: 49266
>>>> Failed transactions: 0
>>>> Longest transaction: 0.06
>>>> Shortest transaction: 0.00
>>>>
>>>> HTTPS:
>>>>
>>>> % siege -b -c 100 https://localhost:8443/
>>>> ** SIEGE 2.70
>>>> ** Preparing 100 concurrent users for battle.
>>>> The server is now under siege...^C
>>>> Lifting the server siege... done.
>>>> Transactions: 698 hits
>>>> Availability: 100.00 %
>>>> Elapsed time: 4.50 secs
>>>> Data transferred: 0.01 MB
>>>> Response time: 0.59 secs
>>>> Transaction rate: 155.11 trans/sec
>>>> Throughput: 0.00 MB/sec
>>>> Concurrency: 92.15
>>>> Successful transactions: 698
>>>> Failed transactions: 0
>>>> Longest transaction: 1.14
>>>> Shortest transaction: 0.07
>>>>
>>>> This is on a Zenbook UX31E which is a damn good machine but it still shows a huge difference between both of them. And the more you try to accept at the same time, the longest time it can take to accept.
>>>>
>>>> --
>>>> Loïc Hoguin
>>>> Erlang Cowboy
>>>> Nine Nines
>>>
>>> _______________________________________________
>>> erlang-questions mailing list
>>> erlang-questions@REDACTED
>>> http://erlang.org/mailman/listinfo/erlang-questions
>
More information about the erlang-questions
mailing list