Thanks for the insights :) Please ignore my observation about better performance on Alpine. It wasn't very correct as I was comparing the throughput & CPU usage using "top" of OpenVPN+mbedtls compiled & ran on Alpine with OpenVPN+OpenSSL compiled & ran on Debian. As the OS, the top binary etc were different, the comparison wasn't very fair.
I now compiled OpenVPN+OpenSSL on Alpine itself and compared it with the performance of OpenVPN+mbedtls built on same system & OS. And yet again OpenSSL performs 30% better and uses less CPU. Probably for the reasons you mentioned of it being a highly optimized library. One conclusion that I could draw out of my tests is that for the same TLS library, Alpine delivered considerably better performance & lower CPU usage than Debian/CentOS. May be its something to do with libc6 vs musl or the OS/compiler optimization etc. > OpenSSL is highly optimized, with lots of assembly code on many platforms. > mbed TLS does not carry this kind of optimizations. On the other hand, the > mbed TLS source code is quite pleasant to read compared to the OpenSSL source > code. > > Why you experience better performance on Alpine is hard to understand, but > might be related to generic compiler flags being set by default in that > distro. I recall many years ago when I used Gentoo, I recompiled > OpenOffice.org instead of using the pre-built binaries. That boosted the > startup of OpenOffice.org by 20-25 seconds. (It also took 8 hours to compile > on the hardware those days, but that's a different story ;-)) _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
