OpenSSL SSL_CTX_set_default_verify_paths Slow
Tomas Mraz
tomas at openssl.org
Mon Sep 27 15:32:22 UTC 2021
On Mon, 2021-09-27 at 08:24 -0700, Jay Foster wrote:
> On 9/27/21 7:33 AM, Michael Richardson wrote:
> > Jay Foster <jayf0ster at roadrunner.com> wrote:
> > > While migrating some applications from OpenSSL 1.0.2 (and
> > 1.1.1) to
> > > 3.0.0, I have noticed that the
> > SSL_CTX_set_default_verify_paths()
> > > function is much slower in 3.0.0. In 1.0.0 it would take
> > about 0.1
> > > seconds and in 3.0.0 it takes over 3 seconds.
> >
> > Based upon your straces, the time is spend in the OS.
> > Are you running this on the same system?
> Exact same machine.
> > That's still very slow... I wonder if you have a failing disk.
>
> I don't think so. The file system is a UBIFS on nand flash, and it
> 1.0.2, but nowhere near as much slower as 3.0.0.
>
> blocks at a time and doing some processing on the data read. It
> appears
> that this processing is what is taking longer.
Yes, unfortunately the decoding takes much longer on 3.0.0. I suppose
there is some major optimization to be done in 3.1.
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
More information about the openssl-users
mailing list