ausimian
Kernel TLS offload for Elixir
I was curious whether it would be possible to use kernel TLS offload from Elixir. I have a preference for the non-blocking socket programming model over :gen_tcp (probably due to the brain damage I incurred by writing many C-based socket programs over the years) but there’s no equivalent support for TLS out of the box.
Just for fun, I put this little proof-of-concept together, showing how to do it (limited to TLS1.3) My takeaways are:
- It can be done this way
- It probably shouldn’t be done this way (there’s a few ‘naughty’ things it does to reach the end goal)
It would be neat if OTP offered this out of the box (although it would only work on Linux and maybe FreeBSD) and the programming model would still look like :sslI expect but just noop-ing the encryption/decryption in userspace, so it was transparent to the user.
First Post!
Schultzer
Interesting, am I understanding this correctly that the “new” socket is still under TLS but can use the socket API instead of the SSL API.
Popular in Discussions
Other popular topics
Latest on Elixir Forum
Sponsor Spotlight
We build reliable cloud platforms for business-critical systems.
Categories:
Sub Categories:
Forums
Our Sponsors
Build Elixir applications with speed and confidence.
Supporting innovation across the BEAM ecosystem.
We build reliable cloud platforms for business-critical systems.
Catch errors, track performance, monitor hosts and more.
Develop your skills with books, videos, and courses.
Enabling companies to succeed by building software people love.
The deployment platform built for Elixir: PaaS ease, VPS control.
Courses that'll move you from confusion to "Aha, now I get it!"