Jump to content
Arnaud Bouchez

End Of Live OpenSSL 1.1 vs Slow OpenSSL 3.0

Recommended Posts

You may have noticed that the OpenSSL 1.1.1 series will reach End of Life (EOL) next Monday...
Most sensible options are to switch to 3.0 or 3.1 as soon as possible.

 

But we also discovered that switching to OpenSSL 3.0 could led into big performance regressions...
so which version do we need to use?
😮

 

I just published a blog article about this, and also how we tried to leverage any incompatibility issue within the mORMot OpenSSL layer:
https://blog.synopse.info/?post/2023/09/08/End-Of-Live-OpenSSL-1.1-vs-Slow-OpenSSL-3.0

Edited by Arnaud Bouchez
  • Like 2

Share this post


Link to post

When you say 'big performance regressions', if I read your article correctly you mean some cryptographic functions are slower in new versions, due to the provider layer that hides internal structures from being damaged by applications and allows flexibility for developers. 

 

The question is how many times a second are those operations performed in a typical web client or server, so what is the actual penalty?  Or is it once or twice a connection, so microseconds?

 

Angus

 

Share this post


Link to post

For the TLS layer, I did not notice any huge performance problem during the transmission.

Only the certificate checking may take longer than before.

  • Thanks 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×