The State of SSL Stacks, summarized

The article "The State of SSL Stacks" https://www.haproxy.com/blog/state-of-ssl-stacks from HAProxy’s blog, published on May 6, 2025, examines the current landscape of SSL/TLS libraries, focusing on OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC, with an emphasis on their performance, features, and compatibility with HAProxy. It highlights the evolution of these libraries, their strengths and weaknesses, and the challenges faced in balancing performance, security, and long-term support. The article also discusses the need for efficient, well-maintained SSL libraries that support modern protocols like QUIC and TLS 1.3, while addressing performance regressions and sustainability concerns.

Summary

  • OpenSSL 3.x: Widely used but suffers from performance regressions due to dynamic design changes (e.g., runtime lookups and locking), making it 4-9 times slower than competitors. It offers robust features and a new LTS cycle (every two years, five years of support), but its complexity and resource demands are drawbacks.
  • BoringSSL: Developed by Google, it prioritizes performance and modern protocols (e.g., QUIC, TLS 1.3) but offers neither long-term support nor regular releases, making it less suitable for stable deployments.
  • LibreSSL: A lightweight OpenSSL fork by OpenBSD, it focuses on simplicity and security but has limited feature support (e.g., incomplete QUIC API for HAProxy) and slower adoption of new standards.
  • WolfSSL: Initially for embedded systems, it now supports advanced features like TLS 1.3, QUIC, and FIPS certification. It offers a compatibility layer for OpenSSL but may lack some features for high-end use cases.
  • AWS-LC: Amazon’s fork of BoringSSL, it emphasizes performance and forward compatibility. It’s promising but lacks long-term support commitments, hindering adoption by OS vendors.

The article concludes with optimism about ongoing improvements, such as OpenSSL’s LTS strategy and potential collaboration between projects like AWS-LC and QuicTLS, and invites readers to follow updates at HAProxyConf 2025.

Comparison of Pros and Cons

OpenSSL 3.x

Pros:
- Comprehensive feature set (TLS 1.3, QUIC, etc.)
- Wide adoption
- New LTS cycle (2-year releases, 5-year support)
- Robust ecosystem

Cons:
- Significant performance regression (4-9x slower)
- Complex, dynamic design increases overhead
- High resource usage
- Sustainability concerns

BoringSSL

Pros:
- High performance
- Supports modern protocols (QUIC, TLS 1.3)
- Actively maintained by Google
- Lightweight design

Cons:
- No LTS commitment
- Infrequent releases
- Limited compatibility with non-Google ecosystems
- Not a drop-in replacement for OpenSSL

LibreSSL

Pros:
- Lightweight and secure
- Simplified codebase
- OpenBSD backing
- Supports some QUIC APIs (since 3.6.0)

Cons:
- Limited feature set for HAProxy
- Slower adoption of new standards
- Incomplete QUIC API support
- Smaller community

WolfSSL

Pros:
- Lightweight, embedded focus
- Supports TLS 1.3, QUIC, FIPS
- OpenSSL compatibility layer
- Evolving feature set

Cons:
- Historically lacked features (improving)
- May not suit all high-end use cases
- Less widespread adoption than OpenSSL

AWS-LC

Pros:
- High performance
- Forward-compatible (QUIC, TLS 1.3)
- Amazon-backed
- Potential for broad adoption

Cons:
- No LTS commitment
- Limited current adoption by OS vendors
- Still maturing
- Not fully tested with HAProxy

Key Insights

  • Performance: BoringSSL and AWS-LC lead in efficiency, while OpenSSL 3.x lags significantly.
  • Feature Support: OpenSSL and WolfSSL offer the broadest feature sets, but LibreSSL trails in advanced protocol support.
  • Stability: OpenSSL’s LTS cycle provides reliability, unlike BoringSSL and AWS-LC, which lack long-term support.
  • HAProxy Context: OpenSSL remains the default, but AWS-LC and WolfSSL are promising alternatives if support and compatibility improve.

More articles by Joshua Reuben