Awesome article, some return from the field
Awesome article, some return from the field
Posted Jan 16, 2026 5:04 UTC (Fri) by wtarreau (subscriber, #51152)In reply to: Awesome article, some return from the field by hkario
Parent article: The State of OpenSSL for pyca/cryptography
> the performance regression of 3.5 compared to 1.1.x is small
In client mode it's not. For us 3.5 and 3.4 basically show the same performance. If you go down to the end of this article https://www.haproxy.com/blog/state-of-ssl-stacks and scroll up to the latest graph, you'll see that we're still facing a roughly 4.5x degradation in end-to-end TLS between 1.1.1 and 3.4 (and hence 3.5), despite the former already being significantly slower than alternatives.
Thus it really depends on use cases, but for those who need to encrypt on both sides, it's a real pain, and explains why some applications are now willing to pay the high price of migrating to alternatives, like explained by the Python guys in this article.