Re: OpenSSL 3.0 in the base system update
- Reply: Ed Maste : "Re: OpenSSL 3.0 in the base system update"
- In reply to: Ed Maste : "OpenSSL 3.0 in the base system update"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 09 Jun 2023 05:56:09 UTC
Dear Ed, Am 08.06.2023 um 20:13 schrieb Ed Maste: > Most of the base system is ready for a seamless switch to OpenSSL 3.0. > For several components we've added `-DOPENSSL_API_COMPAT=0x10100000L` > to CFLAGS to specify the API version, which avoids deprecation > warnings from OpenSSL 3.0. Changes have also been made to avoid > OpenSSL APIs already deprecated in OpenSSL 1.1. We can continue the > process of updating to contemporary APIs after OpenSSL 3.0 is in the > tree. at first thanks a lot to take care of it. I only want to ask a question: Regarding my information openssl 3.0 has a major performance problem compared to 1.1. I have this information only from the haproxy mailing list, where many users downgraded from 3.0 to 1.1 as they were not able to handle the traffic anymore with the same hardware. Maybe talk to the developers of haproxy, they have a very deep knowledge of openssl. OpenSSL 3.1 should be better, but what I read on the haproxy mailing list does not reaching the performance of 1.1. (I do not have the technical background, but I only wanted to ask that you are aware of this issue) Gruß Matthias -- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook