Re: OpenSSL 3.0 in the base system update

From: Matthias Fechner <>
Date: Fri, 09 Jun 2023 05:56:09 UTC
Dear Ed,

Am 08.06.2023 um 20:13 schrieb Ed Maste:
> Most of the base system is ready for a seamless switch to OpenSSL 3.0.
> For several components we've added `-DOPENSSL_API_COMPAT=0x10100000L`
> to CFLAGS to specify the API version, which avoids deprecation
> warnings from OpenSSL 3.0. Changes have also been made to avoid
> OpenSSL APIs already deprecated in OpenSSL 1.1. We can continue the
> process of updating to contemporary APIs after OpenSSL 3.0 is in the
> tree.

at first thanks a lot to take care of it.
I only want to ask a question:

Regarding my information openssl 3.0 has a major performance problem 
compared to 1.1.
I have this information only from the haproxy mailing list, where many 
users downgraded from 3.0 to 1.1 as they were not able to handle the 
traffic anymore with the same hardware. Maybe talk to the developers of 
haproxy, they have a very deep knowledge of openssl.
OpenSSL 3.1 should be better, but what I read on the haproxy mailing 
list does not reaching the performance of 1.1.
(I do not have the technical background, but I only wanted to ask that 
you are aware of this issue)



"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook