OpenSSL 3.0 Performance Disaster and the Future of the SSL Library Ecosystem

The HAProxy team delves into the performance disaster caused by OpenSSL 3.0 and its impact on the SSL library ecosystem. The release of OpenSSL 3.0 resulted in significant performance degradation in multi-threaded environments, posing challenges for many projects reliant on OpenSSL. The article compares alternative solutions like BoringSSL, LibreSSL, wolfSSL, and AWS-LC, analyzing their trade-offs in functionality, performance, and maintenance. Performance testing reveals that OpenSSL 3.0 significantly underperforms other libraries in multi-threaded scenarios, forcing organizations to provision more hardware to maintain throughput. The article also explores the QUIC protocol and its relationship with SSL libraries, along with the OpenSSL team's handling of the QUIC API. Ultimately, the article recommends that HAProxy users choose suitable SSL libraries based on their needs, such as AWS-LC or wolfSSL, and calls for the community to collaboratively address the performance issues in OpenSSL 3.0.