I'm pretty sure nobody beside Axivo Repository has the Google 64bits optimization implemented. I think is done this way just for packaging uniformity, Google optimization is available since OpenSSL 1.0.0 version but only for 64bits platforms. Axivo provides only 64bits packages,Nobody runs a serious setup on 32bits machines.
Compared to previous RSA tests on OpenSSL, the Google optimized ephemeral Elliptic Curve Diffie-Hellman key exchange over P-224 runs at twice the speed of standard OpenSSL, while atomic elliptic curve operations are up to 4 times faster in 1.0.1c version.
In addition, the implementation is
immune to timing attacks. Axivo SSL setup gets a
90 score on
SSL Labs, close to
Google score. Not to bash
vBulletin.com but is unfortunate they run a
weak setup. Even if they get an
88 score, their site is vulnerable to Beast, DDoS and MITM attacks.
Comparison of keys between the two RPM sets (without EC, FIPS enabled on
axivoplus repo and with EC Google optimized for 64bits, FIPS disabled on
axivo repo):
View attachment 29729
I've created both packages, in case some people will not be allowed to legally use EC in their country/setup. For example, Google SSL sites do not run a built-in FIPS OpenSSL package mainly because FIPS is not compatible with EC.
If anyone have law knowledge related to EC usage on a website, I would appreciate some feedback. It will help all of us. Personally, I've put a
disclaimer just to protect myself. Technically, Axivo allows you to install whatever flavor you think is appropriate for your country/website (Debian or Redhat).