Skip to content
Permalink
Browse files

add optional OpenSSL 1.1.0g patch for 30-40% ECDSA performance boost

- when Nginx is recompiled via centmin.sh menu option 4 with prior persistent config file /etc/centminmod/custom_config.inc set variables, LIBRESSL_SWITCH='y', OPENSSLECDSA_PATCH='y' and OpenSSL version used is 1.1.0g, then OpenSSL 1.1.0g is patched for better ECDSA performance. If you use ECC 256bit ECDSA SSL certificates for HTTP/2 HTTPS then you'll have better HTTP/2 HTTPS performance compared to standard ECDSA and the usual default RSA 2048bit SSL certificates https://community.centminmod.com/threads/patch-30-40-ecdsa-performance-improvement-openssl-1-1.13614/
  • Loading branch information...
centminmod committed Jan 2, 2018
1 parent 8273ccd commit ba6a43e1afae8c44b6ba3918e2010e958e751bd8
Showing with 3,870 additions and 0 deletions.
  1. +18 −0 inc/openssl_install.inc
  2. +3,852 −0 patches/openssl/OpenSSL1.1g-improve-ECDSA-sign-30-40%.patch
@@ -1,6 +1,24 @@

opensslpatches() {
{

# ECDSA performance patch https://community.centminmod.com/posts/57725/
if [[ "$LIBRESSL_SWITCH" = [nN] && "$OPENSSLECDSA_PATCH" = [yY] && "${OPENSSL_VERSION}" = '1.1.0g' ]]; then
echo
echo "######################################################################"
echo "Patching OpenSSL 1.1.0g"
echo "######################################################################"
echo "30-40% performance improvement patch for ECDSA"
echo "https://community.centminmod.com/posts/57725/"
echo "######################################################################"
pushd ${DIR_TMP}/openssl-${OPENSSL_VERSION}
rm -rf OpenSSL1.1g-improve-ECDSA-sign-30-40%25.patch
wget https://gitlab.com/buik/openssl/raw/openssl-patch/openssl-1.1/OpenSSL1.1g-improve-ECDSA-sign-30-40%25.patch
patch -p1 < OpenSSL1.1g-improve-ECDSA-sign-30-40%.patch
popd
echo
fi

# release buffer patch CVE-2010-5298
if [[ "${OPENSSL_VERSION}" = '1.0.1g' ]]; then
echo "######################################################################"

0 comments on commit ba6a43e

Please sign in to comment.
You can’t perform that action at this time.