OpenSSL SSL_CTX_set_default_verify_paths Slow

Michael Richardson mcr at
Mon Sep 27 14:33:03 UTC 2021

Jay Foster <jayf0ster at> wrote:
    > While migrating some applications from OpenSSL 1.0.2 (and 1.1.1) to
    > 3.0.0, I have noticed that the SSL_CTX_set_default_verify_paths()
    > function is much slower in 3.0.0.  In 1.0.0 it would take about 0.1
    > seconds and in 3.0.0 it takes over 3 seconds.

Based upon your straces, the time is spend in the OS.
Are you running this on the same system?
That's still very slow... I wonder if you have a failing disk.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr at        |   ruby on rails    [

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <>

More information about the openssl-users mailing list