Arnaud Bouchez 381 Posted September 8, 2023 (edited) You may have noticed that the OpenSSL 1.1.1 series will reach End of Life (EOL) next Monday... Most sensible options are to switch to 3.0 or 3.1 as soon as possible. But we also discovered that switching to OpenSSL 3.0 could led into big performance regressions... so which version do we need to use? 😮 I just published a blog article about this, and also how we tried to leverage any incompatibility issue within the mORMot OpenSSL layer: https://blog.synopse.info/?post/2023/09/08/End-Of-Live-OpenSSL-1.1-vs-Slow-OpenSSL-3.0 Edited September 8, 2023 by Arnaud Bouchez 2 Share this post Link to post
Angus Robertson 526 Posted September 8, 2023 When you say 'big performance regressions', if I read your article correctly you mean some cryptographic functions are slower in new versions, due to the provider layer that hides internal structures from being damaged by applications and allows flexibility for developers. The question is how many times a second are those operations performed in a typical web client or server, so what is the actual penalty? Or is it once or twice a connection, so microseconds? Angus Share this post Link to post
Arnaud Bouchez 381 Posted September 9, 2023 For the TLS layer, I did not notice any huge performance problem during the transmission. Only the certificate checking may take longer than before. 1 Share this post Link to post
![Delphi-PRAXiS [en]](https://en.delphipraxis.net/uploads/monthly_2018_12/logo.png.be76d93fcd709295cb24de51900e5888.png){kind=logo}
