libssl: Load only the ciphers and digests needed for TLS, not all of them #11166
Commits on Jan 11, 2022
-
libssl: Load only the ciphers and digests needed for TLS, not all of …
…them OPENSSL_init_crypto(), added in 1.1.0, loads all available ciphers and digests by default. Since we only need the TLS-related ones, that only increases the startup time and the memory usage. Before: ``` OPENSSL_INIT: ossl_init_base: Setting up stop handlers OPENSSL_INIT: ossl_init_register_atexit() OPENSSL_INIT: ossl_init_load_crypto_nodelete() OPENSSL_INIT: openssl_config_int((null), (null), 50) OPENSSL_INIT: ossl_init_engine_rdrand: engine_load_rdrand_int() OPENSSL_INIT: ossl_init_thread_start: marking thread for err_state OPENSSL_INIT: ossl_init_load_crypto_strings: err_load_crypto_strings_int() OPENSSL_INIT: ossl_init_engine_dynamic: engine_load_dynamic_int() OPENSSL_INIT: ossl_init_add_all_ciphers: openssl_add_all_ciphers_int() OPENSSL_INIT: ossl_init_add_all_digests: openssl_add_all_digests() OPENSSL_INIT: ossl_init_ssl_base: Adding SSL ciphers and digests OPENSSL_INIT: ossl_init_ssl_base: SSL_COMP_get_compression_methods() OPENSSL_INIT: ossl_init_ssl_base: SSL_add_ssl_module() OPENSSL_INIT: ossl_init_load_ssl_strings: ERR_load_SSL_strings() OPENSSL_INIT: ossl_init_thread_start: marking thread for rand OPENSSL_INIT: ossl_init_thread_start: marking thread for rand ``` After: ``` OPENSSL_INIT: ossl_init_base: Setting up stop handlers OPENSSL_INIT: ossl_init_register_atexit() OPENSSL_INIT: ossl_init_load_crypto_nodelete() OPENSSL_INIT: openssl_config_int((null), (null), 50) OPENSSL_INIT: ossl_init_engine_rdrand: engine_load_rdrand_int() OPENSSL_INIT: ossl_init_thread_start: marking thread for err_state OPENSSL_INIT: ossl_init_load_crypto_strings: err_load_crypto_strings_int() OPENSSL_INIT: ossl_init_engine_dynamic: engine_load_dynamic_int() OPENSSL_INIT: ossl_init_ssl_base: Adding SSL ciphers and digests OPENSSL_INIT: ossl_init_ssl_base: SSL_COMP_get_compression_methods() OPENSSL_INIT: ossl_init_ssl_base: SSL_add_ssl_module() OPENSSL_INIT: ossl_init_load_ssl_strings: ERR_load_SSL_strings() OPENSSL_INIT: ossl_init_thread_start: marking thread for rand OPENSSL_INIT: ossl_init_thread_start: marking thread for rand ```
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.