Performance Issue With OpenSSL 1.1.1c

Jay Foster jayf0ster at
Tue May 28 21:15:51 UTC 2019

On 5/28/2019 10:39 AM, Jay Foster wrote:
> I built OpenSSL 1.1.1c from the recent release, but have noticed what 
> seems like a significant performance drop compared with 1.1.1b.  I 
> notice this when starting lighttpd.  With 1.1.1b, lighttpd starts in a 
> few seconds, but with 1.1.1c, it takes several minutes.
> I also noticed that with 1.1.1b, the CFLAGS automatically included 
> '-Wall -O3', but with 1.1.1c, '-Wall -O3' is no longer included in the 
> CFLAGS.  was this dropped?  I  added '-Wall -O3' to the CFLAGS, but 
> this did not seem to have any affect on the performance issue 
> (unrelated?).
> This is for a 32-bit ARM build.
> Jay
I think I have tracked down the change in 1.1.1c that is causing this.  
It is the addition of the DEVRANDOM_WAIT functionality for linux in 
e_os.h and crypto/rand/rand_unix.c.  lighttpd (libcrypto) is waiting in 
a select() call on /dev/random.  After this eventually wakes up, it then 
reads from /dev/urandom.  OpenSSL 1.1.1b did not do this, but instead 
just read from /dev/urandom.  Is there more information about this 
change (i.e., a rationale)?  I did not see anything in the CHANGES file 
about it.


More information about the openssl-users mailing list