OpenSSL
== Criticisms == === Backwards compatibility === Among developers communities, OpenSSL is often cited for introducing API compatibility breakage with each new major version,<ref>{{Cite web|url=https://github.com/brave/brave-browser/issues/22305|title=OpenSSL 3 breaks webpack build 路 Issue #22305 路 brave/brave-browser|website=GitHub|access-date=February 25, 2023|archive-date=December 8, 2024|archive-url=https://web.archive.org/web/20241208042515/https://github.com/brave/brave-browser/issues/22305|url-status=live}}</ref><ref>{{Cite web|url=https://bbs.archlinux.org/viewtopic.php?id=277577|title=openssl version 3.0 in arch? / Newbie Corner / Arch Linux Forums|website=bbs.archlinux.org|access-date=February 25, 2023|archive-date=May 16, 2024|archive-url=https://web.archive.org/web/20240516183345/https://bbs.archlinux.org/viewtopic.php?id=277577|url-status=live}}</ref><ref>{{Cite web|url=https://discourse.ubuntu.com/t/openssl-3-0-transition-plans/24453|title=OpenSSL 3.0 transition plans|date=April 6, 2022|website=Ubuntu Community Hub|access-date=February 25, 2023|archive-date=December 25, 2024|archive-url=https://web.archive.org/web/20241225033457/https://discourse.ubuntu.com/t/openssl-3-0-transition-plans/24453|url-status=live}}</ref><ref>{{Cite web|url=https://github.com/nginx/unit/issues/597|title=OpenSSL 3.0 Compatibility 路 Issue #597 路 nginx/unit|website=GitHub|access-date=February 25, 2023|archive-date=December 8, 2024|archive-url=https://web.archive.org/web/20241208043018/https://github.com/nginx/unit/issues/597|url-status=live}}</ref> which requires software adaptations that tend to delay new version adoptions.<ref>{{Cite web|url=https://discuss.python.org/t/our-future-with-openssl/21486|title=Our future with OpenSSL|date=November 28, 2022|website=Discussions on Python.org|access-date=February 25, 2023|archive-date=February 25, 
2023|archive-url=https://web.archive.org/web/20230225163414/https://discuss.python.org/t/our-future-with-openssl/21486|url-status=live}}</ref> This, combined with the fact that previous releases are generally maintained for no more than two years after a new major one is released<ref name="openssl_3.0.0_release_blog" /> tends to force some vendors to anticipate software migrations very early while still having little time left<ref>{{Cite web|url=https://www.redhat.com/en/blog/experience-bringing-openssl-30-rhel-and-fedora|title=The experience of bringing OpenSSL 3.0 into Red Hat Enterprise Linux and Fedora|website=www.redhat.com}}</ref> to update to a new release, sometimes at the risk of losing some compatibility with existing software<ref>{{Cite web|url=https://groups.google.com/g/help-cfengine/c/45i4ROevUVw|title=Compile against OpenSSL 3.X|website=groups.google.com|access-date=February 25, 2023|archive-date=December 8, 2024|archive-url=https://web.archive.org/web/20241208153714/https://groups.google.com/g/help-cfengine/c/45i4ROevUVw|url-status=live}}</ref><ref>{{Cite web|url=https://forum.eset.com/topic/32613-eset-management-agent-rhel-9x-openssl-30x/|title=ESET Management Agent (RHEL 9.x, OpenSSL 3.0.x)|website=ESET Security Forum|date=June 6, 2022|access-date=February 25, 2023|archive-date=December 9, 2024|archive-url=https://web.archive.org/web/20241209230105/https://forum.eset.com/topic/32613-eset-management-agent-rhel-9x-openssl-30x/|url-status=live}}</ref> or risking regressions.<ref>{{Cite web|url=https://bugs.python.org/issue46313|title=Issue 46313: SSLObject does not raise SSLEOFError on OpenSSL 3 - Python tracker|website=bugs.python.org|access-date=February 25, 2023|archive-date=December 8, 2024|archive-url=https://web.archive.org/web/20241208033439/https://bugs.python.org/issue46313|url-status=live}}</ref><ref>{{Cite web|url=https://www.tenable.com/plugins/nessus/164507|title=RHEL 9 : openssl 
(RHSA-2022:6224)|website=www.tenable.com|access-date=February 25, 2023|archive-date=December 8, 2024|archive-url=https://web.archive.org/web/20241208042937/https://www.tenable.com/plugins/nessus/164507|url-status=live}}</ref> === Delay between releases === While [[long-term support]] (LTS) releases are maintained for 5 years,<ref name='releasestrat'/> accumulated delays in release time frames tend to force operating system vendors to stay on the last supported release longer, leaving less margin when the new version is available. For example, OpenSSL 3.0 was initially expected for Q4 2019<ref name="openssl_blog_3.0_update" /> and was finally issued 21 months later<ref name="openssl_3.0.0_release_blog" /> without extending the expected end of support for previously supported version 1.1.1, and this despite the significant changes that required adaptations to existing software. === Significant performance regressions === The reduced support delay of version 1.1.1 mentioned above causes further concerns to users whose workloads are sensitive to performance. 
Some time after general availability of 3.0, some users started to report serious performance regressions affecting this version in multi-threaded environments, many citing the inefficient use of locks in frequent low-level operations, citing slowdowns from 80 to 400 times.<ref>{{Cite web|url=https://github.com/openssl/openssl/issues/17064|title=Massive performance degradation in OpenSsl 3.0 if used in a heavy multi threaded server application 路 Issue #17064 路 openssl/openssl|website=GitHub|access-date=February 25, 2023|archive-date=December 8, 2024|archive-url=https://web.archive.org/web/20241208114743/https://github.com/openssl/openssl/issues/17064|url-status=live}}</ref><ref>{{Cite web|url=https://github.com/openssl/openssl/issues/17950|title=Performance issue with Openssl 3.0 in multi threaded application when using d2i_x509 路 Issue #17950 路 openssl/openssl|website=GitHub|access-date=February 25, 2023|archive-date=December 8, 2024|archive-url=https://web.archive.org/web/20241208051208/https://github.com/openssl/openssl/issues/17950|url-status=live}}</ref><ref>{{Cite web|url=https://github.com/openssl/openssl/issues/18814|title=Severe efficiency degradation of credential loading in comparison to 1.1.1 路 Issue #18814 路 openssl/openssl|website=GitHub|access-date=February 25, 2023|archive-date=December 7, 2024|archive-url=https://web.archive.org/web/20241207231338/https://github.com/openssl/openssl/issues/18814|url-status=live}}</ref><ref>{{Cite web|url=https://github.com/openssl/openssl/issues/20286|title=3.0 performance degraded due to locking 路 Issue #20286 路 openssl/openssl|website=GitHub}}</ref><ref>{{Cite web|url=https://github.com/nodejs/node/issues/43128|title=High cpu usage for outbound ssl requests after upgrading from v16.15.0 to v18.1.0 路 Issue #43128 路 nodejs/node|website=GitHub|access-date=February 25, 2023|archive-date=December 8, 
2024|archive-url=https://web.archive.org/web/20241208011158/https://github.com/nodejs/node/issues/43128|url-status=live}}</ref><ref>{{Cite web|url=https://github.com/openssl/openssl/issues/18472|title=Massive performance degradation in OpenSsl 3.0 FIPS provider 路 Issue #18472 路 openssl/openssl|website=GitHub|access-date=February 25, 2023|archive-date=December 8, 2024|archive-url=https://web.archive.org/web/20241208192721/https://github.com/openssl/openssl/issues/18472|url-status=live}}</ref><ref>{{Cite web|url=https://github.com/openssl/openssl/issues/16791|title=Performance measurements 路 Issue #16791 路 openssl/openssl|website=GitHub|access-date=February 25, 2023|archive-date=December 8, 2024|archive-url=https://web.archive.org/web/20241208124557/https://github.com/openssl/openssl/issues/16791|url-status=live}}</ref><ref>{{Cite web|url=https://github.com/openssl/openssl/issues/15199|title=PEM/DER decoding of PKCS8 RSA private keys are 80 times slower in 3.0 路 Issue #15199 路 openssl/openssl|website=GitHub|access-date=February 25, 2023|archive-date=December 8, 2024|archive-url=https://web.archive.org/web/20241208060652/https://github.com/openssl/openssl/issues/15199|url-status=live}}</ref> The OpenSSL team has created a meta-issue to try to centralize reports of such massive performance regressions.<ref>{{Cite web|url=https://github.com/openssl/openssl/issues/17627|title=3.0 Performance problems 路 Issue #17627 路 openssl/openssl|website=GitHub|access-date=February 25, 2023|archive-date=December 8, 2024|archive-url=https://web.archive.org/web/20241208073139/https://github.com/openssl/openssl/issues/17627|url-status=live}}</ref> About half of these reporters indicate the impossibility for them to upgrade to 3.0 from earlier versions, adding to the trouble caused by the limited support time left on previous version 1.1.1. 
=== Consideration for users' requirements === While the [[QUIC]] transport layer was being worked on to support the third version of the [[HTTP]] protocol, it was proposed to use TLS to provide security,<ref>{{Cite web |url=https://datatracker.ietf.org/doc/draft-ietf-quic-tls/01/ |title=Using Transport Layer Security (TLS) to Secure QUIC |date=January 14, 2017 |via=IETF |last1=Thomson |first1=Martin |last2=Turner |first2=Sean |access-date=November 27, 2023 |archive-date=December 8, 2024 |archive-url=https://web.archive.org/web/20241208103639/https://datatracker.ietf.org/doc/draft-ietf-quic-tls/01/ |url-status=live}}</ref> and identified that some adaptations to TLS libraries would be needed. Such modifications were brought to BoringSSL<ref>{{Cite web|url=https://bugs.chromium.org/p/boringssl/issues/detail?id=221|title=221 - boringssl - A fork of OpenSSL that is designed to meet Google's needs - Monorail|website=bugs.chromium.org}}</ref> which was the library being primarily used by QUIC developers by then, and later ported to other libraries.<ref>{{Cite web|url=https://gitlab.com/gnutls/gnutls/-/issues/826|title=Support QUIC TLS API (#826) 路 Issues 路 gnutls / GnuTLS 路 GitLab|website=GitLab|date=September 4, 2019|access-date=February 25, 2023|archive-date=December 8, 2024|archive-url=https://web.archive.org/web/20241208020918/https://gitlab.com/gnutls/gnutls/-/issues/826|url-status=live}}</ref> A port of this work was quickly proposed to OpenSSL.<ref name="auto1">{{Cite web|url=https://github.com/openssl/openssl/pull/8797|title=WIP: master QUIC support by tmshort 路 Pull Request #8797 路 openssl/openssl|website=GitHub|access-date=February 25, 2023|archive-date=January 21, 2025|archive-url=https://web.archive.org/web/20250121132358/https://github.com/openssl/openssl/pull/8797|url-status=live}}</ref> While some discussion started the same day, it quickly stalled and was first blocked on license considerations,<ref name="auto1"/> then kept on hold once these concerns 
were cleared. Finally 10 months later the OpenSSL Management Committee announced on a blog post<ref>{{Cite web |url=https://openssl-library.org/post/2020-02-13-quic-and-openssl/ |title=QUIC and OpenSSL |website=OpenSSL Blog |date=February 17, 2020 |access-date=2024-10-11}}</ref> that this patch set would not be adopted for 3.0 on the fear that the API would change over time. Finally more than one year after planned release of 3.0 which was still not coming, a team of volunteers from [[Akamai]] and [[Microsoft]] decided to fork the project as QuicTLS<ref>{{Cite web|url=https://twitter.com/richsalz/status/1367349918671773697|title=quictls announce on twitter}}</ref> and support these patches on top of the OpenSSL code in order to unblock QUIC development. This action was generally welcome by the community. Finally after OpenSSL 3.0 was finally released, the QUIC patch set was reconsidered and decided against,<ref>{{Cite web|url=https://www.mail-archive.com/openssl-project@openssl.org/msg02585.html|title=OMC Release Requirements|website=www.mail-archive.com|access-date=February 25, 2023|archive-date=January 21, 2025|archive-url=https://web.archive.org/web/20250121112325/https://www.mail-archive.com/openssl-project@openssl.org/msg02585.html|url-status=live}}</ref> causing tens to hundreds of reactions of disappointment among the community.<ref name="auto1"/> The pull request was closed, while users felt the need to publicly express their disappointment,<ref>{{Cite web|url=https://daniel.haxx.se/blog/2021/10/25/the-quic-api-openssl-will-not-provide/|title=The QUIC API OpenSSL will not provide | daniel.haxx.se|date=October 25, 2021|access-date=February 25, 2023|archive-date=January 21, 2025|archive-url=https://web.archive.org/web/20250121161711/https://daniel.haxx.se/blog/2021/10/25/the-quic-api-openssl-will-not-provide/|url-status=live}}</ref> or beg operating system vendors to support the alternative QuicTLS fork,<ref>{{Cite 
web|url=https://alioth-lists.debian.net/pipermail/pkg-openssl-devel/2021-October/007668.html|title=[Pkg-openssl-devel] Any intent to maintain quictls ?|first=Willy|last=Tarreau|date=October 27, 2021|access-date=February 25, 2023|archive-date=December 7, 2024|archive-url=https://web.archive.org/web/20241207235221/https://alioth-lists.debian.net/pipermail/pkg-openssl-devel/2021-October/007668.html|url-status=live}}</ref><ref>{{Cite web|url=https://groups.google.com/g/linux.debian.bugs.dist/c/CAh0KLP5Euo?pli=1|title=Bug#1011391: openssl: please support quictls patchset|website=groups.google.com|access-date=February 25, 2023|archive-date=December 8, 2024|archive-url=https://web.archive.org/web/20241208091707/https://groups.google.com/g/linux.debian.bugs.dist/c/CAh0KLP5Euo%3Fpli=1|url-status=live}}</ref> or seek for alternative solutions.<ref name="auto2">{{Cite web|url=https://github.com/haproxy/haproxy/issues/680|title=HTTP/3 support 路 Issue #680 路 haproxy/haproxy|website=GitHub|access-date=February 25, 2023|archive-date=December 7, 2024|archive-url=https://web.archive.org/web/20241207220516/https://github.com/haproxy/haproxy/issues/680|url-status=live}}</ref> Finally Rich Salz, co-founder of the QuicTLS fork, announced<ref name="auto2"/> his interest in seeing an Apache project forked from QuicTLS. As of 25 February 2023 there is still no QUIC-compatible long-term supported TLS library available by default in operating systems without requiring end-users to rebuild it themselves from sources.