Magento 2.4+ Peroformance Issue

Since PHP 7.1, the mcrypt library was deprecated and removed from PHP 7.2. You can read more about it in the php.net article “mcrypt viking funeral“ (PHP guys have a sense of humor).

The “phpseclib”, used by Magento, has an algorithm of how it selects which library to use for cryptography. In short:

The prioritization is as follows: OpenSSL > mcrypt > pure-PHP
mcrypt and OpenSSL are loads faster than the pure-PHP implementation
mcrypt offers a 45x speedup over the internal mode, OpenSSL offers a 6.5x speedup over mcrypt.

Due to the absence of mcrypt library in PHP 7.2, phpseclib used pure-PHP cryptography implementation which is 45x times slower — that explains why we observe performance degradation.

A logical question here would be, why phpseclib is not using OpenSSL, which is 6.5x times faster than mcrypt and 300x times faster than pure-PHP implementation.

The logic of how phpseclib selects the cryptography backend is very complicated and depends on many variables. Quoting the same phpseclib contributor from GitHub:

If phpseclib is using mcrypt it’s doing so for speed purposes. Either (1) OpenSSL (which is faster than mcrypt) is unavailable or (2) it’s unsuitable for the given algorithm in question (eg. arcfour128 is being used or something; OpenSSL doesn’t support “incremental encryption” as mcrypt did; it can be emulated for block ciphers but not for stream ciphers).