It’s no mystery that nobody could feel safe without SSL. Forget about on-line banking, shopping or just e-mail browsing. This technology has implementations in probably every programming language and in spite of performance differences between C, Python, Java, Erlang etc. one could expect that SSL is something so basic, it should be as fast as possible.
Not so long ago I had an occasion to load test an Erlang server which uses C bridge to OpenSSL and its experimental version completely ported to native OTP SSL implementation.
I didn’t expect it to be miraculously faster and less memory-consuming. I just wanted a cleaner version (C port is really messy in this case) with no significant performance degradation.
The reality was brutal. OTP SSL caused server to use ~20% more CPU (~64% opposed to ~46%) and ~14% more memory (~11.2GB opposed to ~12.8GB). This might not seem much but for folks who are particularly sensitive on CPU usage or every wasted GB of RAM, it is a blocker. Well, being of of these maniacs, I dare OTP team:
Can you improve SSL implementation so we can dump all crappy integration with OpenSSL?