Processing the ssl proto inside erlang does sound like a better option and would make debugging easier as well. Problem currently is that its hogging file descriptors and there's no way to clean it up unless restarting the whole runtime.
Chih-Wei Yu

2010/1/28 Claes Wikström <klacke@tail-f.com>
Chih-Wei Yu wrote:
 We're running YAWS-1.75 with 12B-5 with SSL. Platform is Solaris 10 T5220. The problems experienced is a build up of TCP sockets in IDLE state (unbound sockets). There is connections in and out but everynow and then IDLE sockets just build up. Now what is seen is that the ssl_esock process (driver) are not closing these sockets. The sockets is both created for incoming connections as well as connection between the ssl_esock and Erlang. Has anyone experience this problem.

Hmmm some bells ringing but I don't exactly recall. I'm certain
I've heard this before but I don't remember the specifics.
Maybey the Kreditor folks know ??? - they run an awful lot of ssl

 Another question is if YAWS will be using the new implementation of SSL in Erlang?

I've tried the new ssl implementation a couple of times, and now redid
that test using R13B03 - and I can't get it to work.

I tried it the the first time over a a year ago. To enable again it's just

--- a/src/yaws_server.erl
+++ b/src/yaws_server.erl
@@ -863,8 +863,8 @@ ssl_listen_opts(GC, SSL) ->
         if ?gc_use_old_ssl(GC) ->
            true ->
-                 %%{ssl_imp, new} - still doesn't work (R13B)
-                 false
+                 {ssl_imp, new} %% - still doesn't work (R13B)
+                 %false

This time it worked better though - but still no go. Not yet working.
It would be great if it worked though since the esock thing has had several
(hard to find bugs) over the years and it's also much more efficent to
process the ssl proto inside the beam.