The existing perftools we have allow us to monitor for performance regression. They compare openssl with openssl. This is good enough to catch any performance regression early in development. This can be considered as a lightweight performance testing.
We should also do a performance testing using 3rd party tools. For example Apache with mod_ssl nginx with openssl etc. This should allow us to see how openssl performance changes from version to version, but also it should tell us how well/bad openssl is doing when compared with competing libraries.
The existing perftools we have allow us to monitor for performance regression. They compare openssl with openssl. This is good enough to catch any performance regression early in development. This can be considered as a lightweight performance testing.
We should also do a performance testing using 3rd party tools. For example Apache with mod_ssl nginx with openssl etc. This should allow us to see how openssl performance changes from version to version, but also it should tell us how well/bad openssl is doing when compared with competing libraries.