Date: Fri, 9 Jun 2023 08:56:09 +0300 From: Matthias Fechner <mfechner@freebsd.org> To: ports@freebsd.org Subject: Re: OpenSSL 3.0 in the base system update Message-ID: <9e9c665b-96a3-08fd-9cf6-56b9acc528ae@freebsd.org> In-Reply-To: <CAPyFy2CbMQVkijEF=BgQECZGre=f%2BgRPB0qcd0vvZgto75fU1w@mail.gmail.com> References: <CAPyFy2CbMQVkijEF=BgQECZGre=f%2BgRPB0qcd0vvZgto75fU1w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Ed, Am 08.06.2023 um 20:13 schrieb Ed Maste: > Most of the base system is ready for a seamless switch to OpenSSL 3.0. > For several components we've added `-DOPENSSL_API_COMPAT=0x10100000L` > to CFLAGS to specify the API version, which avoids deprecation > warnings from OpenSSL 3.0. Changes have also been made to avoid > OpenSSL APIs already deprecated in OpenSSL 1.1. We can continue the > process of updating to contemporary APIs after OpenSSL 3.0 is in the > tree. at first thanks a lot to take care of it. I only want to ask a question: Regarding my information openssl 3.0 has a major performance problem compared to 1.1. I have this information only from the haproxy mailing list, where many users downgraded from 3.0 to 1.1 as they were not able to handle the traffic anymore with the same hardware. Maybe talk to the developers of haproxy, they have a very deep knowledge of openssl. OpenSSL 3.1 should be better, but what I read on the haproxy mailing list does not reaching the performance of 1.1. (I do not have the technical background, but I only wanted to ask that you are aware of this issue) Gruß Matthias -- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9e9c665b-96a3-08fd-9cf6-56b9acc528ae>