Untitled attachment

Notices where this attachment appears

1. Embed this notice
   LaF0rge (laf0rge@chaos.social)'s status on Thursday, 15-May-2025 02:46:41 JST LaF0rge

   In case you haven't seen it yet, check out the analysis of the devastating state of [mostly] modern #OpenSSL by members of haproxy at https://www.haproxy.com/blog/state-of-ssl-stacks - hard to imagine such massive performance regressions getting into mainline linux distributions unnoticed by the distributors. #linux #ssl

2. Embed this notice
   abadidea (0xabad1dea@infosec.exchange)'s status on Wednesday, 07-May-2025 19:35:04 JST abadidea

   After heartbleed in 2014, there were a lot of calls to abandon OpenSSL and support alternative libraries because it had written itself into a corner full of holes. I didn’t anticipate that 11 years later, there’d be a call to abandon OpenSSL because it’s written itself into a corner of running at 1% the performance of those very same alternative libraries https://www.haproxy.com/blog/state-of-ssl-stacks

3. Embed this notice
   hanno (hanno@mastodon.social)'s status on Wednesday, 07-May-2025 19:02:44 JST hanno

   This is a gruelling summary of all the things wrong with OpenSSL https://www.haproxy.com/blog/state-of-ssl-stacks I've mostly watched this whole thing from the sidelines, but was also affected noting that private key parsing suddenly became 70 times slower. I think they've now improved it to "only" be 10-20 times slower, and there does not seem any effort to work on it any more.