[erlang-questions] SSL performance

SeanD seand-erlang@REDACTED
Wed Feb 11 19:12:18 CET 2015


Thanks for the deadlock fix details Sean.  This may not be affecting the
enclosed test, but could potentially occur in my real application.

Loïc, Andreas, Thanks for the hints about upcoming improvements.  I'll look
into those.

Jesper, thanks. We have to deal with HTTPS traffic, so I am guessing enacl is
of no use to me (at the moment).

Jon, the test was just to try and reproduce issues similar to what I was
seeing elsewhere when accessing HTTPS servers.  I was testing on a single
machine in order to stop the network being the bottleneck.  See my earlier
email to see results when using different machines for server and client.

Thanks again all for your input,
Sean

On Wed, Feb 11, 2015 at 4:30 PM, Sean Cribbs <sean@REDACTED> wrote:

> It doesn't sound like you're running into this, but we recently found
> there to be a potential deadlock in the ssl connection under high
> throughput, patched on our fork of OTP here:
>
>
> https://github.com/basho/otp/commit/e237383fe002af4f63f8419b35bac6f435856a38
>
> On Wed, Feb 11, 2015 at 10:11 AM, Andreas Schultz <aschultz@REDACTED>
> wrote:
>
>>
>>
>> ----- On 11 Feb, 2015, at 16:59, Loïc Hoguin essen@REDACTED wrote:
>>
>> > On 02/11/2015 04:29 PM, Andreas Schultz wrote:
>> >> The cause for this is not the cryptographic library, but Erlang's interface to it.
>> >> Erlang's crypto application uses a non-optimized OpenSSL API to execute the AES
>> >> encryption, while enacl seems to use a highly optimized version.
>> >>
>> >> Normally when doing AES, you first have to schedule the key, creating an encryption
>> >> context and then reuse that context for every block. Since the crypto application
>> >> doesn't have stream_cipher versions of AES, it has to go through the key scheduling
>> >> on every invocation (every block). Also, OpenSSL can use assembler optimized AES
>> >> functions on modern CPUs, but those are only available when OpenSSL's EVP interfaces
>> >> are used. Erlang's crypto does not use those.
>> >
>> > I have seen some work around EVP in the past few months. Is this not
>> > what you are talking about?
>> >
>> > commit 425a34001fdd5de8396c5c9903f4f38a9d49a15c
>> > Author: Alex Wilson <alex@REDACTED>
>> > Date:   Thu Oct 9 21:39:29 2014 +1000
>> >
>> >     crypto: use EVP for AES-CBC
>> >
>> >     This enables the use of hardware acceleration for AES crypto
>> >     on newer Intel CPUs (AES-NI), among other platforms.
>>
>> That is a good step in the right direction. Still, it has to recreate the
>> EVP crypto context for every invocation. There was a discussion about
>> keeping the EVP context between invocations and using the crypto
>> stream_encrypt/decrypt instead. That would eliminate the overhead of the
>> context creation between calls.
>>
>> Andreas
>>
>> > Cheers.
>> >
>> > --
>> > Loïc Hoguin
>> > http://ninenines.eu
>>
>> --
>> --
>> Dipl. Inform.
>> Andreas Schultz
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>
>
>
> --
> Sean Cribbs <sean@REDACTED>
> Sr. Software Engineer
> Basho Technologies, Inc.
> http://basho.com/
>
>
>
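
The context-reuse point from the quoted discussion, as an added example that is not part of the original thread or of OTP's own code. It uses `crypto:crypto_one_time/5`, `crypto:crypto_init/4` and `crypto:crypto_update/2` from the crypto API of later OTP releases (22 and up); the module name, chunk size and sample data are assumptions made here.

```erlang
-module(aes_ctx_reuse).
-export([per_call/3, reused/3, compare/0]).

%% One context per chunk: every call sets up a fresh cipher context and
%% reruns the AES key schedule. CBC chaining is preserved by passing the
%% last ciphertext block of each chunk as the IV of the next call.
%% Chunks must be a multiple of 16 bytes (no padding is applied).
per_call(Key, IV, Chunks) ->
    {Out, _LastIV} = lists:mapfoldl(
        fun(Chunk, IVn) ->
            C = crypto:crypto_one_time(aes_128_cbc, Key, IVn, Chunk, true),
            {C, binary:part(C, byte_size(C), -16)}
        end, IV, Chunks),
    Out.

%% One context for the whole stream: the key schedule runs once in
%% crypto_init/4 and crypto_update/2 keeps the chaining state internally.
reused(Key, IV, Chunks) ->
    State = crypto:crypto_init(aes_128_cbc, Key, IV, true),
    [crypto:crypto_update(State, Chunk) || Chunk <- Chunks].

%% Encrypt the same data both ways, check the ciphertexts match, and
%% return the two wall-clock times in microseconds.
compare() ->
    %% Constructed sample input: random key and IV, 100000 chunks of 64 bytes.
    Key = crypto:strong_rand_bytes(16),
    IV = crypto:strong_rand_bytes(16),
    Chunks = [crypto:strong_rand_bytes(64) || _ <- lists:seq(1, 100000)],
    {T1, Out1} = timer:tc(fun() -> per_call(Key, IV, Chunks) end),
    {T2, Out2} = timer:tc(fun() -> reused(Key, IV, Chunks) end),
    true = (iolist_to_binary(Out1) =:= iolist_to_binary(Out2)),
    io:format("per-call context: ~p us~nreused context:   ~p us~n", [T1, T2]),
    {T1, T2}.
```

Both functions produce the same ciphertext, so any difference in the two timings comes from context setup rather than from the cipher itself.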