> seriously, OpenSSL 3.0+ is really REALLY badly performing compared to 1.x
do you have AI bots pounding your servers? Your server is falling over faster thjan it should because of OpenSSL. It could probably handle more traffic if you switched to WolfSSL or AWS-LC
https://www.haproxy.com/blog/state-of-ssl-stacks> OpenSSL 3.1 tried to partially address the [locking abuse] problem by placing a few atomic operations instead of locks where it appeared possible. The problem remains that the architecture was probably designed to be way more dynamic than necessary, making it unfit for performance-critical workloads, and this was clearly visible in the performance reports of the issues above.
> After everything imaginable was done, the performance of OpenSSL 3.x remains highly inferior to that of OpenSSL 1.1.1. The ratio is hard to predict, as it depends heavily on the workload, but losses from 10% to 99% were reported.
STOP 👏 USING 👏 OPENSSL 👏 FOR 👏 TLS 👏