From nobody Fri Jun 09 05:56:09 2023 X-Original-To: ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Qcr1B5rjdz4bnlc for ; Fri, 9 Jun 2023 05:56:14 +0000 (UTC) (envelope-from mfechner@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Qcr1B2K37z3Hy9 for ; Fri, 9 Jun 2023 05:56:14 +0000 (UTC) (envelope-from mfechner@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1686290174; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xd0bpappmxURXmqzTk3Qfdwr1Y2/6YiaLVqaC/JpNek=; b=cSlAn1IawhzwPxEtCFJjIAQ3++8/Dgz+VhmJqjRYVkyAvkmzslB88DAlw8o5lDFDgt4KZt 4x3xOkkJQHYjVkRQIUuPU2r5JUgmYAl854dqtUJauVW+93YlnenlZo0JoKyvK15HSu6HEL Fwgz/xvwjFo5xUtctdK36SuM66hq500eGMu9AlDqnkcXMaSROow5sdz4YI2Vhbojm1JAl1 1y+eRAeIdsO4xy+kf9NBCqEKqxccVlFDpMXx1ptBcA4FlCZk5E0DQYjcSSmautsYv4VJIy 1k8gGyv0sjx+sYk+E25+DkWPMCIPW4bS/n+CdM75tMFQj8F7jUHQIzYVWmUVWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1686290174; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xd0bpappmxURXmqzTk3Qfdwr1Y2/6YiaLVqaC/JpNek=; b=WlmHccyZKBJK3No3SzDbIV1Gb9sWLbvWHKRKVkZQLkOHsSuXm3KIKJXLlfba+Ayxw+aUDC YiX17fkDTBA8lRz16t09ZnQVTBz9gZgNQstoxDtohjsNu5uO7flBdnZUyCT47M7Pc20RGW B4wOIDBcU/gX+4abg0SSKWLI9bwnTjqS2xiKZxZHM7OWeya/7/fmBeljjtf2RaLYRw+TjY qjYnE9prFzt3k/cQ7L6XE8+DtLEaVS/KzfId/kwCg354cyzuupf62I1gijr15SKgoJT+op BH7gDeYkwQykWh/+14n096vP3HcvirqSASTKUrHuOFcbpImId9EkFgFfM+pNkQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1686290174; a=rsa-sha256; cv=none; b=AEEU2XCndq7QayQc0Q5yBP0V8mrtqfhAvg1AdIBVeY/FwcsrJpaei5E5r96yJC5HDjSgix qd31KLuiWNV/QJNh1nLhcRLt5beeV3Zgro9ZCT/x2b4cmWMnY3fhpRREXemZTO3VdkIJcI E3U1PRBJYKWBVaJDlQzBUXGc05FHbyKblQcf4JAXdOscXCusIbi5U1qyJ43JWvuOzEip0N qRgLav/56TffMEc60YKam2nCLkyU0qcOYttyRNBZ4nQTZ5e/yIN2BVQ1KehqN794gcR1x7 4d5Bz+vgIPcDm2wpl4FP6oe5O0IGyUGWThVmkunI+T+xxDQ9CDZ/IWtECWoojQ== Received: from [192.168.0.151] (unknown [93.182.104.69]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: mfechner) by smtp.freebsd.org (Postfix) with ESMTPSA id 4Qcr196JXSz12YS for ; Fri, 9 Jun 2023 05:56:13 +0000 (UTC) (envelope-from mfechner@freebsd.org) Message-ID: <9e9c665b-96a3-08fd-9cf6-56b9acc528ae@freebsd.org> Date: Fri, 9 Jun 2023 08:56:09 +0300 List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.11.2 Subject: Re: OpenSSL 3.0 in the base system update Content-Language: en-US To: ports@freebsd.org References: From: Matthias Fechner In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-ThisMailContainsUnwantedMimeParts: N Dear Ed, Am 08.06.2023 um 20:13 schrieb Ed Maste: > Most of the base system is ready for a seamless switch to OpenSSL 3.0. > For several components we've added `-DOPENSSL_API_COMPAT=0x10100000L` > to CFLAGS to specify the API version, which avoids deprecation > warnings from OpenSSL 3.0. Changes have also been made to avoid > OpenSSL APIs already deprecated in OpenSSL 1.1. We can continue the > process of updating to contemporary APIs after OpenSSL 3.0 is in the > tree. at first thanks a lot to take care of it. I only want to ask a question: Regarding my information openssl 3.0 has a major performance problem compared to 1.1. I have this information only from the haproxy mailing list, where many users downgraded from 3.0 to 1.1 as they were not able to handle the traffic anymore with the same hardware. Maybe talk to the developers of haproxy, they have a very deep knowledge of openssl. OpenSSL 3.1 should be better, but what I read on the haproxy mailing list does not reaching the performance of 1.1. (I do not have the technical background, but I only wanted to ask that you are aware of this issue) Gruß Matthias -- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook