On 11/01/2022 12.02, Antoine Pitrou wrote:
Hi Christian,
On Sun, 9 Jan 2022 19:39:06 +0100
Christian Heimes <christ...@python.org> wrote:
Hi,
I would like to remind everybody that Python's support for OpenSSL 3.0
is preliminary [1]. Python compiles with OpenSSL 3.0.0 and simple code
kinda works. However there are known performance regressions, missing
features (e.g. usedforsecurity flag), and potential bugs cause by API
incompatibilities.
Due to the experimental state I advise against using Python with OpenSSL
3.0 in production.
It may take a while until Python gains full support for the next version
of OpenSSL. I have shifted my personal OSS time to more fun topics like
performance and WASM.
Sounds reasonable :-)
Out of curiosity, what are the performance regressions about?
OpenSSL 3.0 introduced a new context, provider, and algorithm fetch
system. It is not optimized yet and has an impact on performance.
I noticed that hashlib.sha512(b'12345678') is more than 20% slower with
new EVP_MD_fetch() API. Impact on multi threading applications is even
bigger due to lock congestion.
https://github.com/openssl/openssl/issues/17064
_______________________________________________
Python-Dev mailing list -- python-dev@python.org
To unsubscribe send an email to python-dev-le...@python.org
https://mail.python.org/mailman3/lists/python-dev.python.org/
Message archived at
https://mail.python.org/archives/list/python-dev@python.org/message/CWM32SJHRXIPM2YZDCTUHZRT5ETE2FGH/
Code of Conduct: http://python.org/psf/codeofconduct/
