PRELIMINARY RESULT Benchmark Suite v1.0.15 - Results subject to change
Home Bellingrath Test Matrix

OpenSSL Performance Benchmark

Bellingrath Test Matrix3 iterations per version
Last run: 2026-01-05 • Iterations: 1.1.1w (3x), 3.0.18 (3x), 3.1.8 (3x), 3.2.6 (3x), 3.3.5 (3x), 3.4.3 (3x), 3.5.4 (3x), 3.6.0 (3x)

RSA vs ECDSA Certificate Comparison

Aligned with W. Bellingrath's OpenSSL 3.x presentation (Juniper Networks). Shows handshake performance for both RSA-2048 and ECDSA P-256 certificates.
📈 Why OpenSSL 3.2+ Shows a Major Performance Jump

The dramatic improvement from OpenSSL 3.1.x to 3.2.x (~2-2.5× for RSA, ~1.5× for ECDSA) is real and expected. OpenSSL 3.2 (released November 2023) included significant optimizations:

  • Provider Architecture Overhead Reduction: OpenSSL 3.0/3.1 introduced a provider-based architecture with significant per-operation dispatch overhead. Version 3.2 dramatically reduced this overhead.
  • RSA Operations: RSA signing (the bottleneck in RSA handshakes) benefited from reduced context setup and provider lookups per operation.
  • ECDSA/ECDH Operations: Elliptic curve operations saw improvements in both the provider layer and underlying implementations.
  • TLS Path Optimizations: Streamlined the full handshake code path, reducing CPU cycles per connection.

Note: The 3.0/3.1 performance regression vs 1.1.1w was a known issue. OpenSSL 3.2 marked the beginning of recovery, with 3.4+ often matching or exceeding 1.1.1w performance.

👉 See full analysis of the 3.1 → 3.2 performance improvement →

TLS 1.3 Session Resumption Performance

Comparison of new vs resumed TLS 1.3 connections with RSA certificates. Resumed connections reuse cached session parameters for faster setup.
Note: These are the deprecated handshakes_new_per_sec and handshakes_resume_per_sec metrics, which specifically measure TLS 1.3 (not TLS 1.2).
📈 Why OpenSSL 3.2+ Shows Significantly Higher Handshake Performance

The dramatic performance improvement from OpenSSL 3.1.x to 3.2.x (~2-2.5× in some configurations) is real and expected. OpenSSL 3.2 (released November 2023) included major optimizations:

  • Provider Architecture Optimizations: Reduced per-operation dispatch overhead that accumulated in the 3.0/3.1 transition from the legacy API
  • Context Caching Improvements: Better reuse of cryptographic contexts, reducing repeated initialization costs during handshakes
  • TLS Session Handling: Streamlined session ticket processing and key derivation paths
  • General Performance Work: Accumulated fixes addressing performance regressions identified since 3.0

Bottom Line: The 3.2 release marked a turning point where OpenSSL 3.x handshake performance began approaching—and in some cases exceeding—1.1.1w levels. This improvement is consistent across independent benchmarks.

👉 See full analysis of the 3.1 → 3.2 performance improvement →

← Back to Overview
View on GitHub
Open Source Benchmark
Found a problem? Have an improvement?
Fork the repository and submit a pull request!
Licensed under Apache 2.0 • Community-driven development • v1.0.15