Skip to content

Commit

Permalink
add optional OpenSSL 1.1.0g patch for 30-40% ECDSA performance boost
Browse files Browse the repository at this point in the history
- when Nginx is recompiled via centmin.sh menu option 4 with prior persistent config file /etc/centminmod/custom_config.inc set variables, LIBRESSL_SWITCH='y', OPENSSLECDSA_PATCH='y' and OpenSSL version used is 1.1.0g, then OpenSSL 1.1.0g is patched for better ECDSA performance. If you use ECC 256bit ECDSA SSL certificates for HTTP/2 HTTPS then you'll have better HTTP/2 HTTPS performance compared to standard ECDSA and the usual default RSA 2048bit SSL certificates https://community.centminmod.com/threads/patch-30-40-ecdsa-performance-improvement-openssl-1-1.13614/
  • Loading branch information
centminmod committed Jan 2, 2018
1 parent 8273ccd commit ba6a43e
Show file tree
Hide file tree
Showing 2 changed files with 3,870 additions and 0 deletions.
18 changes: 18 additions & 0 deletions inc/openssl_install.inc
Original file line number Diff line number Diff line change
@@ -1,6 +1,24 @@

opensslpatches() {
{

# ECDSA performance patch https://community.centminmod.com/posts/57725/
if [[ "$LIBRESSL_SWITCH" = [nN] && "$OPENSSLECDSA_PATCH" = [yY] && "${OPENSSL_VERSION}" = '1.1.0g' ]]; then
echo
echo "######################################################################"
echo "Patching OpenSSL 1.1.0g"
echo "######################################################################"
echo "30-40% performance improvement patch for ECDSA"
echo "https://community.centminmod.com/posts/57725/"
echo "######################################################################"
pushd ${DIR_TMP}/openssl-${OPENSSL_VERSION}
rm -rf OpenSSL1.1g-improve-ECDSA-sign-30-40%25.patch
wget https://gitlab.com/buik/openssl/raw/openssl-patch/openssl-1.1/OpenSSL1.1g-improve-ECDSA-sign-30-40%25.patch
patch -p1 < OpenSSL1.1g-improve-ECDSA-sign-30-40%.patch
popd
echo
fi

# release buffer patch CVE-2010-5298
if [[ "${OPENSSL_VERSION}" = '1.0.1g' ]]; then
echo "######################################################################"
Expand Down
Loading

0 comments on commit ba6a43e

Please sign in to comment.