Performance Issue With OpenSSL 1.1.1c

Jakob Bohm jb-openssl at
Wed May 29 14:12:24 UTC 2019

On 28/05/2019 23:48, Steffen Nurpmeso wrote:
> Jay Foster wrote in <84571f12-68b3-f7ee-7896-c891a2e253e7 at>:
>   |On 5/28/2019 10:39 AM, Jay Foster wrote:
>   |> I built OpenSSL 1.1.1c from the recent release, but have noticed what
>   |> seems like a significant performance drop compared with 1.1.1b.  I
>   |> notice this when starting lighttpd.  With 1.1.1b, lighttpd starts in a
>   |> few seconds, but with 1.1.1c, it takes several minutes.
>   |>
>   |> I also noticed that with 1.1.1b, the CFLAGS automatically included
>   |> '-Wall -O3', but with 1.1.1c, '-Wall -O3' is no longer included in the
>   |> CFLAGS.  was this dropped?  I  added '-Wall -O3' to the CFLAGS, but
>   |> this did not seem to have any affect on the performance issue
>   |> (unrelated?).
>   |>
>   |> This is for a 32-bit ARM build.
>   |>
>   |> Jay
>   |>
>   |I think I have tracked down the change in 1.1.1c that is causing this.
>   |It is the addition of the DEVRANDOM_WAIT functionality for linux in
>   |e_os.h and crypto/rand/rand_unix.c.  lighttpd (libcrypto) is waiting in
>   |a select() call on /dev/random.  After this eventually wakes up, it then
>   |reads from /dev/urandom.  OpenSSL 1.1.1b did not do this, but instead
>   |just read from /dev/urandom.  Is there more information about this
>   |change (i.e., a rationale)?  I did not see anything in the CHANGES file
>   |about it.
> I do not know why lighttpd ends up on /dev/random for you, but in
> my opinion the Linux random stuff is both sophisticated and sucks.
> The latter because (it seems that many) people end up using
> haveged or similar to pimp up their entropy artificially, whereas
> on the other side the initial OS seeding is no longer truly
> supported.  Writing some seed to /dev/urandom does not bring any
> entropy to the "real" pool.
Something equivalent to your program (but not storing a bitcount field)
used to be standard in Linux boot scripts before systemd.  But it
typically used the old method of just writing the saved random bits
into /dev/{u,}random .

This makes me very surprised that they removed such a widely used
interface, can you point out when that was removed from the Linux


Jakob Bohm, CIO, Partner, WiseMo A/S.
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list