2025-10-09 –, Prague/ Technical Deep Dive & Innovation
As the OpenSSL community continues to evolve and foster greater collaboration, understanding real-world performance and industry feedback is of increasing significance. In this session, we share our experience upgrading our firewall portfolio from OpenSSL 1.1.1 through 3.4, with a focus on TLS 1.2 and 1.3. We aim to contribute actionable feedback and engage in a broader discussion around tuning, optimization, and future improvements based on our observations and performance data.
This talk presents a performance-focused evaluation of OpenSSL versions 3.0, 3.1, and 3.4, benchmarked against the previous LTS version 1.1.1. Using our firewall portfolio as the testbed, we analyze TLS 1.2 and 1.3 performance across commonly deployed cipher suites and key exchange configurations, covering both full handshake and session resumption scenarios.
While we anticipated some performance degradation with the transition to OpenSSL 3.0, our benchmarks show that OpenSSL 3.4 delivers meaningful improvements, bringing performance closer to OpenSSL 1.1.1 levels. However, increased per-session memory usage in OpenSSL 3.4 continues to impact our scalability in high-throughput environments.
Through data-driven analyses and visualizations, we aim to foster a collaborative discussion on optimization strategies. Our goal is to provide industry insights and actionable feedback to the OpenSSL developers and become more engaged in shaping the future of the community.
William Bellingrath, Software Engineer Staff, Cybersecurity R&D, Juniper Networks
William has been part of the team that handles the core security libraries and applications across Juniper Network's network portfolio for the past 7 years. He leads the major OpenSSL upgrades in the company's networking operating systems.