PCEngines APU2/APU3/APU4 running on 20.7

[almodovaris]

Another round:

 /usr/local/bin/openssl speed -elapsed -evp aes-128-cbc
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15874993 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 7012502 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 2832566 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 772744 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 8192 size blocks: 103137 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 52408 aes-128-cbc's in 3.00s
OpenSSL 1.1.1h  22 Sep 2020
built on: Tue Oct 20 22:46:58 2020 UTC
options:bn(64,64) rc4(8x,int) des(int) aes(partial) blowfish(ptr)
compiler: cc -fPIC -pthread -Wa,--noexecstack -Qunused-arguments -O2 -pipe  -DHARDENEDBSD -fPIE -fPIC -fstack-protector-all -fno-strict-aliasing -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -D_THREAD_SAFE -D_REENTRANT -DNDEBUG
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      84666.63k   149600.04k   241712.30k   263078.19k   281632.77k   286217.56k

[franco]

1) For the love of god, why do you guys deploy 2 different openssl versions on the same opnsense without describing this trapmine?

I'm not sure if you are intentionally hard to work with or that it is just what it is.

FreeBSD requires an embedded base system OpenSSL library for bootstrap reasons, but this version cannot be changed on the fly without reinstalling the whole base system. That's why we use a package on top to allow quick updates and also the possibility to use LibreSSL.

This information isn't new and certainly not rocket science. Failure to learn from past threads which have plenty of information on the subject is on the individual user.


Cheers,
Franco

[Ricardo]

1) For the love of god, why do you guys deploy 2 different openssl versions on the same opnsense without describing this trapmine?

I'm not sure if you are intentionally hard to work with or that it is just what it is.

FreeBSD requires an embedded base system OpenSSL library for bootstrap reasons, but this version cannot be changed on the fly without reinstalling the whole base system. That's why we use a package on top to allow quick updates and also the possibility to use LibreSSL.

This information isn't new and certainly not rocket science. Failure to learn from past threads which have plenty of information on the subject is on the individual user.


Cheers,
Franco

All I can do, if I am in doubt of something, first I use the docs search function:
https://docs.opnsense.org/search.html?q=openssl&check_keywords=yes&area=default

It didnt help me to find your quoted sentence, which you suggest should be general public knowledge:

"FreeBSD requires an embedded base system OpenSSL library for bootstrap reasons, but this version cannot be changed on the fly without reinstalling the whole base system. That's why we use a package on top to allow quick updates and also the possibility to use LibreSSL."

Othwerwise you may add forum sticky permalinks into the docs articles, where it is written once already. Searching for "openssl" string under forum returns too many results, not rational to find that 1 statement.

"Failure to learn from past threads which have plenty of information on the subject is on the individual user."
No comment on this, we dont understand or willing to accept the others point of view.

[banym]

This is not a OPNsense related thing.
The location of custom software outside of base system comes from the way FreeBSD works using ports.

Further information on this topic:
https://www.freebsd.org/doc/handbook/dirstructure.html
https://www.freebsd.org/doc/handbook/ports.html#ports-synopsis