hazardfn

hazardfn

HTTPoison vs HTTPotion

I suppose this question is effectively hackney vs. ibrowse but we are at a point in our project where we have to make a choice between the 2 (or maybe there is a 3rd somebody wants to highlight?)

Just wondering if anybody has any constructive reasons as to why they would use one over the other?

Marked As Solved

voltone

voltone

Decided to write a blog post on the security posture of Elixir HTTPS clients. Linked here for future readers of this post:
https://blog.voltone.net/post/7

Also Liked

minhajuddin

minhajuddin

I have found Tesla to have a friendlier API

voltone

voltone

:ssl has improved a bit: it removed support for SSL 3.0, it added TLS 1.3 (still a bit flaky) along with some new ciphers/curves, and better handling of out-of-order certificates coming from the server. But what hasn’t changed is the default of verify: :verify_none, both for :ssl.connect/2,3,4 and the :httpc application.

HTTPotion seems to be ‘soft deprecated’.

Hackney has had a few issues lately due to :ssl changes. Sometimes it was possible to work around them, until a new version would land, by passing custom ssl options. The major catch there is that any custom ssl options passed to Hackney (and therefore HTTPoison and Tesla) will overwrite the secure defaults. So passing something like ssl: [versions: [:tlsv1_2]] reverts the :verify option back to :verify_none!

Mint attempts to merge custom ssl options with its own secure defaults (which is not trivial to do, since the individual options are inter-dependent). Any libraries that build on Mint should be fine too.

You can consider my ElixirConf EU 2019 talk ‘Learn you some :ssl for much security’ to be an updated version of the blog post referenced earlier in this thread. It is already a year old, but still mostly relevant.

hazardfn

hazardfn

This performance analysis is interesting, especially if HTTPotion by default isn’t running an “optimized” ibrowse - perhaps the optimization itself (increased session count to 300 and max pipeline count to 1) is irrelevant for anything but benchmarks.

The README does a very bad job of explaining exactly what these results mean to the developer.

I am inclined to go with HTTPoison based on the results of this alone.

Where Next?

Popular in Discussions Top

Qqwy
Looking at the stacks that existing large companies have used, WhatsApp internally uses Mnesia to store the messages, while Discord uses ...
New
MarioFlach
Hello, I want to share a project I’ve been working on for a while: https://github.com/almightycouch/gitgud Background Some time ago I ...
New
chuck
Let me start by stating an assumption: Phoenix is a great approach to building REST APIs. There are many reasons for this, but I will ass...
New
nburkley
AWS re:Invent is on at the moment with some interesting announcements. One new feature in particular is the Lambda Runtime API for AWS La...
New
AstonJ
I’ve just started the Phoenix part of the utterly brilliant online course by @pragdave. On generating the Phoenix app he uses the --no-ec...
New
IVR
Hi all, I’ve seen a number of related threads in the past, but I’d still be very curious to hear an up-to-date opinion on this topic. I...
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New
klo
Got a question about when to concat vs. prepending items to list then reversing to achieve appending. So i know lists boil down to [1 | ...
New
RudManusachi
What configs will make sense to put to runtime.exs? – A bit of how I configure apps: I have generic configs in config/config.exs, dev...
New
Owens
Hello all, I am developing a new mobile app with Flutter frontend and Phoenix backend. The mobile app has real-time task management and c...
New

Other popular topics Top

AstonJ
Posting this to see if we can make things easier for people to get into Neovim. If you use Neovim and have a favourite distro please let ...
New
Nvim
Anybody knows a comprehensive comparison of Django and Phoenix, thanks for the help. Where are they similar? Where do they differ the m...
New
Patoshizzle
After calling mix ecto.create I get this error: 17:00:32.162 [error] GenServer #PID<0.412.0> terminating ** (Postgrex.Error) FATAL...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
jerry
Good day to you all. I have been struggling to get a query involving like and ilike to work. Can anyone assist me on this, please? pro...
New
pmjoe
I have a relationship of love and hate with Elixir. Lots of things are just absolutely right, but there are some things that are kind of ...
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
AstonJ
Please see the new poll here: Which code editor or IDE do you use? (Poll) (2022 Edition) It’s been a while since we first asked this, I...
208 31142 143
New
bsollish-terakeet
Credo is smart enough to check for (something like) this: assert length(the_list) == 0 with this response: Checking if an enum is empt...
New
nobody
Hi! In PHP: $_SERVER[‘SERVER_ADDR’] - in Elixir? Searched the docs for ip address and the web, no good results. Thanks!
New

We're in Beta

About us Mission Statement