OpenSSL Communities

How to respond to recent critiques? (Big picture)

Jon EricsonJon Ericson Fri 16 Jan 2026 10:51PMPublicSeen by 130

In the past few months there have been posts pointing out concerns with the OpenSSL Library. Notably:

I'm reminded of one of our community values:

We believe in behaving in a manner that fosters trust and confidence.

One way we can do that is by listening to people who are critical of the OpenSSL project, attempt to find root causes that we can address. It's good, for instance, that Paul Kehrer and Alex Gaynor, who maintain the Python cryptography library, spoke at the OpenSSL Conference. I attended that talk and while it was uncomfortable at times, I'm glad I learned about the problems they face when working with the OpenSSL Library. The alternative is not knowing and, therefore, being unable to address them.

It's human nature to take negative responses to our work as a personal attack. I do not believe that is an accurate characterization in this case. As I read these posts, I categorize the points in these general buckets:

  1. Technical problems with the OpenSSL Library (particularly performance regressions from OpenSSL 1.1.1 to 3.0).
  2. Disagreements with technical decisions made by the maintainers of OpenSSL (for instance the implementation of the provider architecture).
  3. Concerns about how the OpenSSL Library is managed.

These posts also sound like the authors feel unheard and that OpenSSL can't be fixed. So what can we, as a community, do about it? I'm going to put some ideas in this post, but I encourage everyone to pitch in ideas as replies below. Please focus on the big picture for now! We can dig into specific details either in GitHub issues or new threads.

Document what steps have already been taken to address concerns

One thing that caught my attention was the focus on the performance of OpenSSL 3.0 in particular. If you look at the performance graphs that release is consistently the worst performing branch. Other 3.x releases show improvement and frequently master is the closest to 1.1.1 performance.

But, of course, most people who use the OpenSSL Library aren't using master. Instead they are on an LTS release, so it makes sense people have formed their perception on 3.0. The most recent LTS, 3.5 is less than a year old so it's not yet worked it's way through the ecosystem. The gap between perception and reality is, at least in part, the result of 3.0's regression in performance combined with the unfortunate reality that that version was the LTS release for so long.

The Feisty Duck newsletter's December issue, OpenSSL Performance Still Under Scrutiny, models how we might address performance concerns:

  1. Frank acknowledgement of past problems.
  2. Practical hints about how to get the most out of more recent releases.
  3. Optimism that the situation will improve now that the OpenSSL Library has show movement in the direction of better performance.

When it comes to fostering trust, GitHub issues and PRs speak louder than promises. What specifically has been done to improve the situation?

Communicate the reasons behind technical decisions

Allow me to quote a powerful paragraph from the pyca post:

We do not fully understand the motivations that led to the public APIs and internal complexity we’ve described here. We’ve done our best to reverse engineer them by asking “what would motivate someone to do this” and often we’ve found ourselves coming up short. The fact that none of the other OpenSSL forks have made these same design choices is informative to the question of “was this necessary”.

Now the change in strategic architecture between 1.1.1 and 3.0 is documented. Reading between the lines I can see that the old architecture failed to meet the needs of some users of the OpenSSL Library. But the specific motivations for these choices aren't clear in that document. Searching around the internet, I found this post from our very own @beldmit that suggests the provider architecture useful for people who want:

  • legacy algorithms
  • experimental algorithms (OQS)
  • meet government standards (particularly FIPS-140-3)
  • cryptographic hardware (PKCS#11 and TPM2)

Not everyone cares about these use cases, but it's harder to argue that the changes to support these uses serve no purpose. Knowing that one of the goals of OpenSSL 3.0 was, to quote Dmitry, "maintainable FIPS-140-3 certified modules" clarifies the actual limitations to the design. People can disagree with the decisions, but not claim the changes were capricious.

It's pretty common for people to fail to adequately explain the reasoning for making big changes by the time the announcement goes out, the people who made the decision have lived with it for awhile and assume that the end product speaks for itself. They might not even remember the alternative choices that were rejected because once you commit to a path, the road not taken is irrelevant. In order to bring end users along, it's useful give that background. Ideally we need to answer the implied question behind many criticisms: "What's in it for me?" You can't answer that question too many times.

Let our mission be our guide

When I talk about OpenSSL to people who don't know what we are, I like to start with a paraphrase of the mission. We want everyone to have access to privacy and security tools. The OpenSSL Library is the more important and most obvious product of that mission. (Yes, I know the mission is much newer than the library. But the beliefs behind the mission are a big reason the library exists.) Forks of the OpenSSL Library tend to specialize in specific use cases whereas the OpenSSL LIbrary itself has the larger ambition of supporting everyone.

Fairly recently the organization that manages the OpenSSL Library chose to split into two organizations:

Since it's impossible to know all the ways people use the OpenSSL Library, we've also set up this platform so that the OpenSSL Communities can give us feedback. The best way to influence the future of the OpenSSL Library is to get involved right here.

For reference, both the HAProxy and Python cryptography library maintainers are welcome to join the Distributions community:

The Distributions comprises maintainers of operating systems and significant software packages that integrate projects from the OpenSSL Foundation and the OpenSSL Corporation.

Keep the lines of communication open

As a community manager, I have found that people have a hard time assuming the worst about others when they are in active communication. Sometimes a conversation can unlock unexpected solutions to seemingly intractable differences. It can help to remember that behind avatars are real people.

How else can we respond?

Jon Ericson

Jon EricsonWed 21 Jan 2026 4:12PM

What OpenSSL (or each Community guardian) might do better is surface sticky points, lead discussions to conclusion, e.g., the formulation of concrete GH issues/tasks that may then be prominently tracked (say via a very visible "Top challenges" dashboard) & worked on with priority: Something for you to consider instituting maybe @Jon Ericson ?

I think something along these lines would be very helpful. For instance, a big goal of 4.0 is removing ENGINEs. It's something that was talked a lot about internally, but could have been more public. Probably even more public than blog posts (which are great, but don't necessarily get a lot of traffic). I'm thinking something on the GitHub repo, Library roadmap and/or the Library documentation.

A good deal of it is "just" documentation, though; referencing the performance dashboard or the OpenSSL3 design rationale(s) for example. Is anyone already doing that? Has this maybe already been done? If not, anyone volunteering?

Getting ready for FOSDEM is eating up my time right now, but I do feel like this is more or less up my alley.

Peter Gutmann

Peter GutmannSat 17 Jan 2026 1:38AM

I'd also go with a variant of "communicate the reasons" which is to let people know that there's a way forward, so it's not "we decided to arbitrarily change everything and now you're stuck with it forever". I'm not sure if it's possible to win a benchmarking war if you're competing with old forks of, ah, make-it-go above everything else code, but if you can explain that the changes were necessary for the future because the existing 1.0 architecture was on its last legs and now that you've got it stable it's time to tune it, that might give people some light at the end of the tunnel.

Possibly also publish a plan for profiling and addition of fastpath code for commonly-used stuff if you're not already doing that, with occasional updates to demonstrate progress is being made. For example I assume almost everything is going with SHA2-256 (they usually are) and fastpath that, so all the highly flexible configurable options get bypassed for the common case of SHA-256 which is a direct jump into the raw SHA2 code, bypassing backend selection, object creation, locking, and a lot of other things.

Dmitry Belyavsky

Dmitry BelyavskySat 17 Jan 2026 11:48AM

Thank you for your write-up!

My deep beliefs are that in such situations of controversy the only normal way that can improve the situation is direct communication with the most problematic peers (AFAIK, there were some efforts to deal with HAProxy feedback - don't know if they are the result of communication or a common sense). No, communication does not ensure the positive outcome but usually provides some way to move forward.

OTOH, looks like some design decisions made during 3.0 development were not great enough and should be reconsidered. Some improvements were already done. For example, I'm not sure that the logic of encoder/decoder lookup is perfect, and there was a sketch of design to improve it.

One more point I'm seriously consider, but it's quite controversial. Both my background related so support of national cryptography and recent PQ transition where we heavily related on the option to provide new algorithms via providers demonstrate me the importance of plugability and flexibility. But there are gazillion of scenarios where people don't need it but are limited with the choice of algorithms, and probably having alg-specific API targeting these use cases makes sense.

Item removed

Jon Ericson

Jon EricsonTue 20 Jan 2026 6:50AM

But there are gazillion of scenarios where people don't need it but are limited with the choice of algorithms, and probably having alg-specific API targeting these use cases makes sense.

In November @matt, @amyp, @nhorman and I visited the computer science department at NC State University. One suggestion we heard was to offer an opinionated library. I had to look this up: "Opinionated software means that there is basically one way (the right way™) to do things and trying to do it differently will be difficult and frustrating."—tvanfosson on Stack Overflow

It's pretty clear the OpenSSL Library is non-opinionated. As a (recovering?) Perl programmer, I feel the pain of having too many ways to shoot yourself in the foot do things. I like the idea of having a subset of algorithms that are secure, reasonably fool-proof and avoid complexity that many people don't need.

Richard Levitte (OpenSSL)

Richard Levitte (OpenSSL)Mon 26 Jan 2026 11:07AM

@jon, re OpenSSL Library being opinionated, depends on what you look at. Let me muse philosophically for a bit...

The design around the provider mechanisms made libcrypto un-opinionated, leaving it to providers to be the opinionated parties. But, the OpenSSL Library includes a set of providers, so its opinionatedness hasn't gone away, it just has been shuffled around a bit, and left some spaces for alternative opinions (through external providers).

Peter Gutmann

Peter GutmannThu 5 Feb 2026 11:54AM

@Jon Ericson Is it safe for something in OpenSSL's position to do that? My code is pretty opinionated because I'm pretty opinionated and so you get that thrown in for free, but in OpenSSL's case it's the swiss-army-chainsaw for everything. If you start removing algorithms and mechanisms I suspect you'd get a lot of pushback from the long tail of vociferous people who rely on it supporting obscure algorithm X.

Jon Ericson

Jon EricsonThu 5 Feb 2026 5:05PM

@pgut001 To be clear, I'm suggestion the option to have an opinionated subset. I expect we are going to see some of what you are talking about in 4.0 when stuff is removed. We do need to support people who started using the Library years ago and have legitimate uses for algorithms that shouldn't be used for new code.

The idea would be to have an onramp for people who want to start using OpenSSL but are overwhelmed with the extra stuff. Maybe this is more of a documentation task, but I wonder if it would make sense to develop an "opinionated" or "minimal" provider that would make the library simpler for new users. (This is, perhaps, getting off-topic.)

Peter Gutmann

Peter GutmannFri 6 Feb 2026 3:06AM

I thought about this a bit overnight and a big problem is the fact that there are a million web pages full of recipes telling you how to do whatever the user is asking for with OpenSSL, so stripping out things is going to break those instructions. What about picking out the top 100 (or whatever) things that people want, which will keep 98% of users happy because everything will work as before, and making the rest a compile-time thing, OpenSSL standard vs. OpenSSL extended? I don't use stochastic parrots myself so this is speculation but this could be one thing that they're actually good at, "take all the information you've scraped and list the top 100 OpenSSL recipes from that, order by popularity".

Dmitry Belyavsky

Dmitry BelyavskySun 18 Jan 2026 10:26AM

Some more thoughts. There are 2 possible outcomes beyond such publications - either an invitation to make some bargain or, as opposite, is the final decision and no reasonable compromise is possible - but my qualification is definitely not enough to distinguish what's beyond particularly this one.

Load More