As a note which is unrelated to OpenSSL, I would like to point out that Roxen with SSL (and, I assume Caudium as well or to be exact a webserver using the Pike SSL implementation) performs absolutely horribly. Some time ago (a year or two perhaps - scale hardware to what was the norm back then) Real Networks did a benchmark on SSL and Roxen and the speed was something along the lines of 5-10 requests per second for normal small files (which is too slow even for small/moderate sites) - this compared to 150 req/sec or more for a hardware SSL accelerator (not a fair comparison but still).
One problem with the SSL code in Pike is that, as far as I know, it never has been benchmarked or optimized by developers. Because of that the bad performance is mostly an unknown issue.
/ David Hedbor
Previous text:
2003-01-28 08:35: Subject: Re: OpenSSL wrapper vs Pike's SSL (Was: Bz2)
On Tue, Jan 28, 2003 at 01:20:01AM +0100, Martin Nilsson (Åskblod) @ Pike (-) developers forum wrote:
One obvious disadvantage with OpenSSL though is that it is written in C, and thus is more likely to have bugs causing security holes.
One obvious disadvantage with Pike is that it is used by humans, which tend to make mistakes :) "Guns don't kill people, people kill people".
There is no (and will never be) any _safe_ language, until there are a lot of "unsafe" programmers around. :)
Proper code can be written in C, in Perl, even in asm - if you know what you are doing. Yes, it is extremely difficult (if ever possible) to leave (or create) a buffer overflow-like hole in a Pike app, but it is quite easy to leave another hole (like a memory leak - where objects are never completely dereferenced so GC won't help).
Regards, /Al
/ Brevbäraren