Performance Issue With OpenSSL 1.1.1c

Steffen Nurpmeso steffen at
Tue May 28 21:48:51 UTC 2019

Jay Foster wrote in <84571f12-68b3-f7ee-7896-c891a2e253e7 at>:
 |On 5/28/2019 10:39 AM, Jay Foster wrote:
 |> I built OpenSSL 1.1.1c from the recent release, but have noticed what 
 |> seems like a significant performance drop compared with 1.1.1b.  I 
 |> notice this when starting lighttpd.  With 1.1.1b, lighttpd starts in a 
 |> few seconds, but with 1.1.1c, it takes several minutes.
 |> I also noticed that with 1.1.1b, the CFLAGS automatically included 
 |> '-Wall -O3', but with 1.1.1c, '-Wall -O3' is no longer included in the 
 |> CFLAGS.  was this dropped?  I  added '-Wall -O3' to the CFLAGS, but 
 |> this did not seem to have any affect on the performance issue 
 |> (unrelated?).
 |> This is for a 32-bit ARM build.
 |> Jay
 |I think I have tracked down the change in 1.1.1c that is causing this.  
 |It is the addition of the DEVRANDOM_WAIT functionality for linux in 
 |e_os.h and crypto/rand/rand_unix.c.  lighttpd (libcrypto) is waiting in 
 |a select() call on /dev/random.  After this eventually wakes up, it then 
 |reads from /dev/urandom.  OpenSSL 1.1.1b did not do this, but instead 
 |just read from /dev/urandom.  Is there more information about this 
 |change (i.e., a rationale)?  I did not see anything in the CHANGES file 
 |about it.

I do not know why lighttpd ends up on /dev/random for you, but in
my opinion the Linux random stuff is both sophisticated and sucks.
The latter because (it seems that many) people end up using
haveged or similar to pimp up their entropy artificially, whereas
on the other side the initial OS seeding is no longer truly
supported.  Writing some seed to /dev/urandom does not bring any
entropy to the "real" pool.

This drove me insane on my elder boxes, and on my VM server (which
suddenly required minutes for booting, but mind you that was
actually really OpenSSH hanging on, just the boot messages made me
think something else) i even had to log in twice to end a hang of
half on hour -- by doing one (maybe two) keypress(es)!

Whereas that box does reasonable work by generating I/O and thus
I/O based entropy, once it is up.  But the pool cannot be feeded
until we get there.  I installed haveged, but this is ridiculous!
Therefore i have written a small program entropy-saver.c which
saves and restores entropy to the real pool, which is still
possible (though the interface is deprecated).
This works just fantastic, and even on my brand new laptop it is
of value.  And Linux does not take the proposed bits for granted
but about halfs that.  Feel free to use it.  Do not use it in
conjunction with haveged or something, or take care for the order.

|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: entropy-saver.c
Type: text/x-csrc
Size: 8521 bytes
Desc: not available
URL: <>

More information about the openssl-users mailing list