Hello,

 

If somebody is using Kamailio in a larger environment with TLS, this new technical analysis and performance report from haproxy could be interesting: https://www.haproxy.com/blog/state-of-ssl-stacks

 

The bottom-line – OpenSSL 3.0 will show serious performance regressions for larger TLS services with higher performance requirements. OpenSSL 3.1 and newer versions are a bit better, but still much slower in key operations. You should consider using the tls_wolfssl module or stay on OpenSSL 1.1.1. For the medium- to long-term we probably should observe how other OpenSSL libraries are developing and act accordingly for the tls modules.

 

The haproxy project recommends besides using wolfssl also the aws-lc library. The situation regarding OpenSSL 3.x seems to be not easily fixable, as these regressions are caused from internal design decisions.

 

Cheers,

 

Henning

 

--

Henning Westerholt – https://skalatan.de/blog/

Kamailio services – https://gilawa.com