On real 68k hardware certain connections are being dropped during SSL handshake

[jens-maus]

In a recent YAM issue ticket (see jens-maus/yam#651) a user is reporting connection problems with his real A1200/68060 system. After some investigation it seems that not YAM can be blamed, but the problem already appear if he is using the openssl command-line tool to initiate a test connection via the following command sequence:

openssl s_client -debug -connect pop3.live.com:995

After execution of the command the openssl command doesn't switch to interactive connection mode and the POP3 server doesn't report with plain text +OK that the connection succeeded. Looking at the debug output one can see that after outputting the certificate chain it actually output some write:errno=32 error which means "Broken pipe":

[...]
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = *.hotmail.com
verify return:1
write to 0x60ca7a7c [0x60c5f40c] (166 bytes => -1 (0xFFFFFFFF))
write:errno=32
[...]

As said, errno=32 stands for "Broken pipe" and could easily mean the mail server had already canceled/dropped the connection to to waiting to long for a response. The current suspicion is that due to unknown reasons certain cipher/certificate digest calculations might take to long so that the server drops connection and the openssl tries to continue communication with the server, but fails of course.

Some debugging are required and thus we should generate a openssl command line binary with more debugging output between the certificate output and the successive write commands. In addition, some timing information have to be added to be able to verify if some calculations are really taking to long.

[jens-maus]

@Futaura Can you please try to reproduce this issue on your real m68k hardware system?

[jerseywurzel]

How do I revert to AmiSSL 3, to test this?

[Futaura]

@jens-maus Unfortunately, AmigaKit still have my real m68k hardware :-(

@jerseywurzel Simply using an older version of YAM or the old v3 OpenSSL tool will use the AmiSSL v3 library

[Futaura]

Not that it probably helps much, but this works correctly using AmiSSL 68k under emulation on OS4. I do know that with AmiSSL v3, old style DH ciphers were heavily CPU intensive on my 68060, which made HTTPS connections really slow (hence DH was disabled by default in IBrowse).

[jerseywurzel]

@Futaura
How can I backtrack to v3? I updated amissl to v4 using the installer, has it overwritten the old version?
Thanks

[Futaura]

@jerseywurzel No - you should have both the v3 and v4 libs installed already (check AmiSSL:Libs/AmiSSL). The installer will have overwritten the v3 OpenSSL tool though, so you need to download that to test the OpenSSL tool with v3.

[jerseywurzel]

@Futaura
I downloaded AmiSSL3.6 and changed the OpenSSL and AmiSSL3 libs back. I couldn't get a connection because something was looking for AmiSSL4. This was from the CLI, not YAM
I left OpenSSL3.6 but re-enabled AmiSSL4 and then I got something.
Instead or errno 32 as before, I got errno 54
Don't` know if that points to anything?

[Weber-Frank]

I use here a real Amiga 2000 with a Blizzard 2060 at 50MHz and OS 3.9 with MiamiDX.
I execute the command and it needed 18.8 seconds until "+OK DUB006-POP301 POP3 server ready"
Until timeout and show the cursor it needed 79 seconds.
Here is the output:

[...]
New, SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: F34C0000E28E26998714CE8D7236B2AF37061CE2976E1D1DA789D9AE9587EDFC
    Session-ID-ctx: 
    Master-Key: 7DA8224DFB93270CDAF00C053096FA480173666AE54062E476F23A2DC013484624642C2D1EAF323C1C2328F8233CD3EB
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1486939596
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
read from 0xa6941fc [0xa7470fb] (5 bytes => 5 (0x5))
0000 - 17 03 01 00 40                                    ....@
read from 0xa6941fc [0xa747100] (64 bytes => 64 (0x40))
0000 - b5 c7 04 83 8f f4 f6 1c-5e b2 6a 5a 66 d0 12 1e   ........^.jZf...
0010 - e3 1f 9c 4b cd 6e b6 d3-7f 80 31 0c 15 9e d1 fd   ...K.n....1.....
0020 - d7 e4 84 cd 3b e7 a2 67-95 57 cf c7 0c e7 36 ab   ....;..g.W....6.
0030 - 1a e3 d9 c9 ca b5 31 b8-96 c7 71 21 90 a9 92 d9   ......1...q!....
+OK DUB006-POP301 POP3 server ready
read from 0xa6941fc [0xa7470fb] (5 bytes => -1 (0xFFFFFFFF))
read:errno=54
write to 0xa6941fc [0xa74b25b] (37 bytes => -1 (0xFFFFFFFF))
12.Ram_Disk:>   

[jens-maus]

@jerseywurzel No, this means more or less the same, the peer (mail server) has closed the connection. I am really more and more convinced that all these modern encryption algorithms require more processing power than all these obsolete real 68k processors can provide.

[jens-maus]

@Weber-Frank This is very interesting Frank. Can you please say which TCP/IP stack you are using and which internet connection do you have? Perhaps this is also related to the TCP/IP stack type or internet connection speed or something like this. Because I am surprise that the test connection works for you.

[Weber-Frank]

i do the same with the yahoo server.
I execute the command and it needed 19.1 seconds until "+OK hello from jpop-0.1"
Until timeout and show the cursor it needed 136 seconds.
Here is the output:

[...]
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=legacy.pop.mail.yahoo.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5284 bytes and written 302 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 58A0D9D50DF660BE0D8BED1C373732BDE32C06FD95EF868733D52DD0E0A32CFF
    Session-ID-ctx: 
    Master-Key: F5BF869F2E6C9811EA752F3C8B57736663341B18305DD179BA05BC247213C706080F6BE0D08FB72297A4A41227D98FA3
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1486939812
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
read from 0xa69421c [0xa7470fb] (5 bytes => 5 (0x5))
0000 - 17 03 03 00 31                                    ....1
read from 0xa69421c [0xa747100] (49 bytes => 49 (0x31))
0000 - 00 00 00 00 00 00 00 01-9f 71 24 38 1d 16 ae db   .........q$8....
0010 - 8a 51 e5 cc ad 55 df 44-55 75 f4 71 6d 82 ad ef   .Q...U.DUu.qm...
0020 - 11 ca 9c 7e 97 0d 54 2b-c6 fd ed a0 7d d1 2c 02   ...~..T+....}.,.
0030 - a0                                                .
+OK hello from jpop-0.1
read from 0xa69421c [0xa7470fb] (5 bytes => 5 (0x5))
0000 - 15 03 03 00 1a                                    .....
read from 0xa69421c [0xa747100] (26 bytes => 26 (0x1A))
0000 - 00 00 00 00 00 00 00 02-cd bf 44 87 39 28 49 73   ..........D.9(Is
0010 - aa f2 ed 82 9a 68 d0 24-c8 e0                     .....h.$..
closed
write to 0xa69421c [0xa74b25b] (31 bytes => 31 (0x1F))
0000 - 15 03 03 00 1a e3 92 d3-71 39 0e ee 29 2e 37 6f   ........q9..).7o
0010 - 01 5f 3b 6e c2 8d 47 3c-40 f5 78 fd ce 7f 98      ._;n..G<@.x....
12.Ram_Disk:>   

I do the same again an try to log in (of course with a wrong password).
Here is the output (i have cut the upper part):

...
+OK hello from jpop-0.1
›71mUSER Opionline
›51mwrite to 0xa5fabbc [0xa61428b] (44 bytes => 44 (0x2C))
0000 - 17 03 03 00 27 42 e7 48-46 2d fe 96 0e 52 52 e5   ....'B.HF-...RR.
0010 - 8b 2c 52 01 d4 aa bf b9-b5 c7 f6 61 54 17 a5 61   .,R........aT..a
0020 - 10 b5 62 ca c2 c0 59 55-d7 cf a7 fc               ..b...YU....
read from 0xa5fabbc [0xa60454b] (5 bytes => 5 (0x5))
0000 - 17 03 03 00 30                                    ....0
read from 0xa5fabbc [0xa604550] (48 bytes => 48 (0x30))
0000 - 00 00 00 00 00 00 00 02-72 0b 56 22 42 06 dc 10   ........r.V"B...
0010 - 89 df d3 81 ac eb 07 ae-9f 1a 98 29 34 50 5c 15   ...........)4P\.
0020 - 58 0c b6 59 50 00 f7 de-b8 7e 57 d3 dc b7 37 15   X..YP....~W...7.
+OK password required.
›71mPASS Test
›51mwrite to 0xa5fabbc [0xa61428b] (39 bytes => 39 (0x27))
0000 - 17 03 03 00 22 42 e7 48-46 2d fe 96 0f c6 da 4a   ...."B.HF-.....J
0010 - 97 b5 18 b0 58 e2 8e d0-b6 97 a2 e8 b8 86 29 08   ....X.........).
0020 - 0e 08 d5 ff c7 b2 2c                              ......,
read from 0xa5fabbc [0xa60454b] (5 bytes => 5 (0x5))
0000 - 17 03 03 00 50                                    ....P
read from 0xa5fabbc [0xa604550] (80 bytes => 80 (0x50))
0000 - 00 00 00 00 00 00 00 03-07 d2 79 c4 b9 d5 18 d6   ..........y.....
0010 - ce d3 57 53 71 6b 8e ca-b9 c6 cb ec 63 a3 46 a0   ..WSqk......c.F.
0020 - 24 1a 8d 8c 74 fa 18 8e-5d d8 8f 76 da 94 33 38   $...t...]..v..38
0030 - bd 66 d7 2b b0 1c 69 5c-84 6e d9 45 97 b4 20 81   .f.+..i\.n.E.. .
0040 - a1 15 08 a6 ef 21 bc 20-cc b4 9a 5e 85 85 c4 d9   .....!. ...^....
-ERR Server error - Please try again later. [SYS/TEMP]
 

It seems all is working correct here on a 68060. :-)

[Weber-Frank]

@jens-maus
See my first post in this ticket. i wrote:
I use here a real Amiga 2000 with a Blizzard 2060 at 50MHz and OS 3.9 with MiamiDX.
I think that say all what you need. :-)

btw. i do the same again with the correkt password and get:

... here was the Password part...
read from 0xa5f9ba4 [0xa60454b] (5 bytes => 5 (0x5))
0000 - 17 03 03 00 4b                                    ....K
read from 0xa5f9ba4 [0xa604550] (75 bytes => 75 (0x4B))
0000 - 00 00 00 00 00 00 00 03-cd 8c c9 02 c7 d7 f5 ce   ................
0010 - 72 ab 48 76 79 38 c4 e0-60 7f 2f 2d 7b bd 54 77   r.Hvy8..`./-{.Tw
0020 - 82 4d 36 db 70 13 1c a5-98 f2 88 63 16 1c 46 67   .M6.p......c..Fg
0030 - eb b3 ff 5e 65 f6 99 13-c2 17 5d d7 37 73 3b 70   ...^e.....].7s;p
0040 - e7 58 90 19 a6 e7 0b 23-dc a3 40                  .X.....#..@
+OK maildrop ready, 149 messages (2773042 octets)
  

[Weber-Frank]

Sorry i forget to say my connection speed.
I have here a 16 Mbit DSL connection which is in real only 12 Mbit.

[jerseywurzel]

I use Miami, I have fibre broadband with up to 50mb download speeds

[jens-maus]

@jerseywurzel Ok, thanks for this information. I am, however, still curious why @Weber-Frank isn't having any issues with his A2000/060 while your A1200/060 installation shows this issue? Which operating system versions are you guys using and also please state the exact Miami version you are using.

[jens-maus]

@Futaura Could it be that this issue is somehow related to #8 ? What do you think?

@jerseywurzel @Weber-Frank Can you guys please try to execute openssl s_client -connect google.com:443 and see if this shows an error as well? And please do not post all the lengthy openssl debug output, but concentrate on the relevant output or upload your *.txt files here.

[tboeckel]

I mocked up a tiny program which reads stdin line by line and outputs each line immediately again to stdout prefixed by the elapsed time since program start. This makes it possible for us to monitor the time spent until the desired output is created.

tsstdin.zip

If you have the PIPE command installed (don't confuse it with the PIPE: handler) you should be able to call it like this:
openssl s_client -debug -connect pop3.live.com:995 | tsstdin

Otherwise you have to open two shell windows. In the first one enter this:
tsstdin <pipe:foo

And in the second one enter this:
openssl s_client -debug -connect pop3.live.com:995 >pipe:foo

The output will then look like this:

[       3.332619] CONNECTED(00000000)
[       3.337045] write to 0x114def44 [0x114f2b58] (176 bytes => 176 (0xB0))
[       3.338520] 0000 - 16 03 01 00 ab 01 00 00-a7 03 03 d8 f5 d9 f0 bc   ................
[       3.339354] 0010 - 10 2e f1 76 4c 42 3b ba-5a 48 2a b7 bd 22 67 cf   ...vLB;.ZH*.."g.
[       3.340252] 0020 - ef 4f e9 29 be 96 a5 d7-b2 99 da 00 00 38 c0 2c   .O.).........8.,
[       3.341664] 0030 - c0 30 00 9f cc a9 cc a8-cc aa c0 2b c0 2f 00 9e   .0.........+./..
[       3.342497] 0040 - c0 24 c0 28 00 6b c0 23-c0 27 00 67 c0 0a c0 14   .$.(.k.#.'.g....
[       3.343203] 0050 - 00 39 c0 09 c0 13 00 33-00 9d 00 9c 00 3d 00 3c   .9.....3.....=.<
[       3.343908] 0060 - 00 35 00 2f 00 ff 01 00-00 46 00 0b 00 04 03 00   .5./.....F......
[       3.344742] 0070 - 01 02 00 0a 00 0a 00 08-00 1d 00 17 00 19 00 18   ................
[       3.345960] 0080 - 00 23 00 00 00 0d 00 20-00 1e 06 01 06 02 06 03   .#..... ........
[       3.346858] 0090 - 05 01 05 02 05 03 04 01-04 02 04 03 03 01 03 02   ................
[       3.347753] 00a0 - 03 03 02 01 02 02 02 03-00 16 00 00 00 17         ..............
[       3.348462] 00b0 - <SPACES/NULS>
[       3.349104] read from 0x114def44 [0x114e7c53] (5 bytes => 5 (0x5))
[...]

Perhaps this tool will expose how much time is spent during the individual steps.

[jerseywurzel]

A quick test that @jens-maus asked for shows errno54.

Question: @futuaura showed on IBrowse website, how to disable TSLv2 and v3 using Setenv. Would that be a possibility?

[jerseywurzel]

@Futaura see above comment

[Weber-Frank]

@jens-maus
I use here MiamiDeluxe 1.0c (10.04.2000).
I add the output for both servers with Thores tool used in the two windows version.
@tboeckel
Your tool seems not working correct because

1. here are many "-" signs in the output and
2. it show not the real point of delay :-(
   e.g. my outputfile FW1-pop3.live.com-995.txt
   Your tool show the long delay between the lines

[      18.-168998] read from 0xa1f83b4 [0xa20157b] (5 bytes => 5 (0x5))
[      77.229613] 0000 - 16 03 01 00 30                                    ....0 

but the delay is in reality after the line
+OK BLU003-POP256 POP3 server ready
(The server waits for input and timed out)
btw: In reality the above line is a seperate line in the cli. In the output it is not a seperate line.

[Weber-Frank]

FW1-pop3.live.com-995.txt
FW1-google.com-443.txt

[Futaura]

@jerseywurzel I think the environment vars you refer to have been completely removed from AmiSSL v4, so no those shouldn't be a factor. Of course, AmiSSL v3 will still read them as before.

[Futaura]

I really wish I had my A1200 mobo back right now... I'm wondering if it could be something as "simple" as a MTU related issue or some other TCP setting in MiamiDx, especially as not all MiamiDx appear to have this issue. Having the MTU set incorrectly can certainly break SSL connections, as I had that problem in the past. IBrowse seems to be running fine now on a 060 with MiamiDx.

[tboeckel]

Here is new version of tsstdin. The time calculation should be correct now. It was wrong to unsigned integers used by clib2.
tsstdin.zip

[jerseywurzel]

Ok, I have tried to revert to AmiSSL3, by renaming OpenSSL latest version, so its not recognised and so should load V3 AmiSSL. It doesnt work because something recognises that AmiSSL4 is not installed.
I have tried various combinations of renaming OpenSSL and AmiSSL so that V4 is not picked up, but I still cannot connect with errno 32 or 54 every time.
Enclosed is the latest log which has errno zero but now I`m stumped.
Even with AmiSSL 3 running, the latest nightly build of YAM insists that AMiSSL4 be running, or it quits.
I just cannot get YAM to download mails any more.
Any further ideas?
debug.pdf

[jerseywurzel]

@jens-maus
Sorry, I got confused with the commands. Here are the results:
Version AmiSSL4060.zip took 1m 27s, not connected
Version AmiSSL-noasm took 1m 49s, not connected
Version AmiSSL-asm took 1m 49s, not connected.

In all cases, I stopped bntest after 25-30 minutes because it was taking so long. The command it got up to is: test BN_kronecker\n
Hope that helps.

[jens-maus]

@jerseywurzel Ok, thank you for your test. So please go ahead and do the tests once more with the following openssl execution:

openssl s_client -cipher ECDHE-RSA-AES128-SHA -connect pop3.live.com:995

And please provide execution times and if the connection succeeded.

[jens-maus]

@ALL: Any news? Please run the tests again with the command of my last comment. I really want to push out a new AmiSSLv4 version soon and need this information.

[Futaura]

It would be prudent to wait for results from @Weber-Frank too - will be interesting to see how those test versions compare considering he is using optimised mathieee libs. Don't want to slow AmiSSL down on such a system - instead it would be better to recommend the MMULib math libs or HSMathLibs, etc, if they turn out to be faster than other solutions. At some point it would be good to come up with a good benchmark tool, which I'm happy to do. Obviously, emulation is not good for this, so we really need to get results from others too to get a true picture.

[jerseywurzel]

@jens-maus @Futaura
Sorry, When at work, I don`t have access to my Amiga and I was out last night. I will test tonight & tomorrow.
I do have MMULib installed but no idea anymore if it is running. Any ides on how to tell?

[Futaura]

@jerseywurzel Please don't alter anything in your system configuration until you've completed Jens' tests. Probably the easiest way to check for MMULib is to see if mmu.library is resident in memory, using Scout or similar. Maybe checking the version of 68060.library also.

[jerseywurzel]

@jens-maus
Ok, so AmiSSL v4 is 56s No connection
AmiSSLasm is 58s but connected +OK
AmiSSLno-asm is 56s and connected +OK

[jerseywurzel]

@Futaura
I have MMUlib v46.12 and 68060lib v46.2 installed, according to Scout.
Thanks for the help

[Weber-Frank]

@jens-maus I want to run the tests but your new librarys are not loaded.
You attach the amissl_v110e.library but Snoopdos show me your attached openssl programs try to open the v110d and v110c libraries. Renaming the v110e library to v110d or v110c don't work too.
If i rename my v110c and v110d libraries so that only the amissl_v110e.library and amissl_v097g.library is here then openssl show me the errormessage "Couldn't open AmiSSL!"
I got the idea to run snoopdos because I got exactly the same times with the different libraries.
The bntest with original library need here 15-16 Minutes and produce really a lot output. Do you need the output from the program too?

[Futaura]

@Weber-Frank Install the amisslmaster.library from the archives - any one will do (no need to switch this between different tests as they are identical).

[Weber-Frank]

@Futaura Hups, sorry i forget to install the amisslmaster.library. thanks for the hint.
@ALL I do the Tests. All Tests show me the OK sign and all Tests runs 3-4 seconds faster if i run it a second time (this is the time the library needs to load into the memory)
To not sit with the stopwatch i use the following script for the bntest:

SET Command bntest
SET LogFile  RAM:$Command-log.txt

Date >> $LogFile
ECHO "Running Command:" $Command >> $LogFile
$Command
Date >> $LogFile

Here my results with the command:
openssl-asm s_client -cipher [see cipher - see below] -connect pop3.live.com:995
The time (in seconds) is from start (first start with loading the library) until the OK sign:

Original amissl_v110d.library library:
ECDHE-RSA-AES256-SHA = 16
ECDHE-RSA-AES128-SHA = 12
bntest: 13:16:43 - 13:31:16 = 14:33 = 873 Seconds

amissl_v110e.library noasm:
ECDHE-RSA-AES256-SHA = 17
ECDHE-RSA-AES128-SHA = 13
bntest: 16:22:06 - 16:38:25 = 16:19 = 979 Seconds

amissl_v110e.library asm :
ECDHE-RSA-AES256-SHA = 18
ECDHE-RSA-AES128-SHA = 12
bntest: 15:49:16 - 16:04:08 = 14:52 = 892 Seconds

That's all.

[Weber-Frank]

Here my results with the 68060 amissl_v110d.library:

amissl_v110d.library 68060:
ECDHE-RSA-AES256-SHA = 17
ECDHE-RSA-AES128-SHA = 13
bntest: 18:33:47 - 18:50:05 = 16:18 = 978 Seconds

As you can see nearly exactly the same results from amissl_v110e.library noasm.

[Weber-Frank]

Forget to say: the openssl tool from the 68060 archive has no timeout, i get the cusor right after the OK sign.

[jerseywurzel]

@Futaura
re: @jerseywurzel Any particular reason that you don't have the maprom jumper set on your Blizzard 1260? At least, from your Sysinfo results, it doesn't look like you do. And presumably you have a 68060.library or similar installed.
I had a look but its difficult. I can see the RAMSPEED pins, and there is a plastic jumper on them. Removing that made not difference. Next to that is what looks like 2 tiny pins, maybe with a bit of plastic over them. However, I cannot easily remove that plastic - I think thats meant to be the MAPROM jumper?
Thanks

[Futaura]

@jerseywurzel I wasn't aware the 1260 had a RAMSPEED jumper (the 1230 did). I wouldn't like to explain where the jumper is on your board as it could be a different version to the one I'm seeing in manuals online. However, I think the MAPROM jumper is located beside the SIMM socket, on the left.

[Futaura]

@jerseywurzel Do you use any of the associated MMULib debug tools, like MyGuardianAngel for example? This would slow your system down for sure, but not sure if it would explain why your test results are so much slower than @Weber-Frank.

[Weber-Frank]

Good idea. It is hardly noticeable when MuForce runs but when MyGuardianAngel runs it is really to notice.
Maybe he could also use Scout to see which process the CPU consumes the power.

[jerseywurzel]

I don't knowingly have them running, although I have mulib installed.
I'm in the process of installing blizkick but it seems I need to remove the maprom jumper, as there isn't any speed increase. Searching for the manual online seems to indicate the small pins with the plastic cover is the maprom jumper. I will ask some questions on Amiga groups on how to remove it.
Thanks

[jerseywurzel]

@jens-maus
Thanks Jens-Maus, AmiSSL 4.1 seems to work a little faster than 4. I appreciate your time spent on this.

[hyc]

Please find attached a zip archive with binaries compiled after having integrated some m68k assembler optimization code done by someone in 2002.

@jens-maus fyi, that was me
Cross-posted to openssl-dev https://groups.google.com/d/msg/mailing.openssl.dev/Y-qxfUfvsMc/k02-RcB3qJAJ

[jerseywurzel]

Hi Oliver,

On 19/01/2020, you wrote: @Weber-Frank @jerseywurzel It would be useful if you could both post the output of "OpenSSL speed rsa". Any AmiSSL 4.x version will do, but be sure to use the OpenSSL command from 4.2 or older (seeing as the 4.3 one crashes).

I'm using OpenSSL 1.1.0g, hope that is ok? It seems to be from AmiSSL4.2 It takes a very long time to run - I left it overnight and itt was still running. Is that right? Bye for now, -- Russell If you lend someone £320 and never see that person again it was probably well worth it. weather: Partly Cloudy : 5.00 C, 41.00 F Winds : East 8.06 MPH, 12.97 KPH, 7.00 Knots Jersey Airport (EGJJ), United Kingdom Partly Cloudy : 6.00 C, 42.80 F Winds : Variable 12.66 MPH, 20.37 KPH, 11.00 Knots Jersey Airport (EGJJ), United Kingdom

[Futaura]

Hi Oliver,
On 19/01/2020, you wrote: @Weber-Frank @jerseywurzel It would be useful if you could both post the output of "OpenSSL speed rsa". Any AmiSSL 4.x version will do, but be sure to use the OpenSSL command from 4.2 or older (seeing as the 4.3 one crashes).
I'm using OpenSSL 1.1.0g, hope that is ok? It seems to be from AmiSSL4.2 It takes a very long time to run - I left it overnight and itt was still running. Is that right?

Sorry, no. I deleted my previous message soon after posting it, as I remembered the speed command was broken! Not to worry, I will have AmiSSL 4.4 ready soon and it has a fix for 68060 specifically, bringing a major speed boost to some areas. Unfortunately, previous AmiSSL v4 versions have been using some instructions that were removed on the 68060, which was causing a major performance issue.

[Futaura]

Fixed in ff6c5f9