Luci over HTTPS (luci-ssl vs. luci-ssl-openssl)

What would be the recommended Package to use? luci-ssl or luci-ssl-openssl? What are the main differences between those two? :slight_smile: All guides I've found only talk about the luci-ssl package.

1 Like

The only difference is encryption library in use. Default SSL library is mbedtls.

But the openssl variant enables openssl-only build if you already have the large openssl library included in the build. Then you can drop mbedtls from the build if no other package needs it.


Crystal clear explanation, @hnyman. Thank you very much for the information :slight_smile:

I tried luci-ssl at first but what I noticed it was that on my TPLINK (WDR4300) luci in ssl mode was so EXTREMELY SLOW that it was unusable (it didn't throw a technical error though).

When using luci-ssl-openssl everything was high speed again!
So maybe this should be noted somewhere in the package description!

Thank you very much for bringing this to my attention! Luci has indeed been very slow since I installed luci-ssl. How did you succesfully remove luci-ssl before you switched over to luci-ssl-openssl? I tried removing luci-ssl, but opening in my browser still brings me to the slow https version of Luci. I understand that luci-ssl is a meta package. Which of the dependencies should I remove to go back to the non-ssl version?

I removed the dependencies "libustream-mbedtls" and "px5g-mbedtls", however, Luci is still opening in with HTTPs.

luci-ssl and luci-ssl-openssl are just empty meta-packages to pull in the required dependencies.

What provides the actual functionality are libustream-mbedtls/ libmbedtls or libustream-openssl/ libopenssl on the other hand.

I already removed those dependencies manually via opkg, however, Luci is still opening in HTTPs, which is extremely weird. Is there a way to go back to non-ssl?

Edit: For other people looking for a solution, I removed the certificate and key with rm /etc/uhttpd.crt and rm /etc/uhttpd.key and ran /etc/init.d/uhttpd restart. Luci is now opening in regular http mode.

1 Like

In addition. If redirecting from port 80 to https had been activated once in uHTTPd this redirect is in the browser cache.
Remedy: Delete or temporarily deactivate the browser cache: E.g. on Firefox I press CTRL+SHIFT-I to open the inspector mode. Go to "Network analysis" and check "Deactivate cache". With the splitscreen open reload your openwrt http url. Now it should stay in http-mode.

1 Like

Hi guys

Sorry to bump an old thread. I have the same problem with LuCI going slow but not with the default mbedtls library but instead OpenSSL.

I've been doing some testing to narrow down the culprit and the OpenSSL version for LuCI behaves oddly with Firefox For Android, but not with anything else. I've tested Opera Mobile, Chrome and Dolphin Browser and the login page loads straight away, whereas Firefox doesn't. The other symptom that occurs is when navigation through links, the page fails to load unless I stop and click it a second time. All desktop browsers are completely fine. Now if I switch to the mbedtls Firefox For Android becomes snappy once again.

Here's a video I made showing the problem I have

Does anyone else have similar problems?

Many thanks


@willowen100 I have been a huge fan of the Fox for many years, especially their built-in Open Web developer tools which save hours of web page debugging. However, Firefox for Android (FF4A) seems somewhat, what's the word? Under-developed. On two Android devices, I too have observed these rather random responses to OpenSSL connections. I might conclude the guys at Mozilla have a way to go before FF4A is out of Beta. You can also try clearing the history/settings, if you've an hour of battery life remaining.

:1st_place_medal:OpenWRT is okay!!!!

1 Like

Cheers for the reply. Mind me asking do you often access the LuCI interface from your mobile phone? I may just have to deal with accessing my router GUI away from the desktop I'll have to use another browser.

Chromium / Safari over an ssh tunnel works for me on Android / iOS

1 Like

@willowen100 I found FF4A sucked with OpenSSL/Luci when testing with it over the LAN. As @jeff has also found, Google Chrome doesn't exhibit Firefoxes spin-loop-repeat behaviours.

Personally, Luci with https should be standard on all OpenWRT builds for devices with enough flash to store the SSL libraries.


Looks like I will using a different browser on Android for accessing my router then... One last question is there any harm in running the mbedTLS backend for SSL as this does work with Firefox For Android?

Many thanks


mbedTLS, in my experience is a reliable TLS library. Though I don't use it with OpenWRT, my experience with it on embedded devices has shown it to interoperate well with OpenSSL.

I have a similar problem with chrome73. Accessing luci with https(openssl) will be very slow, but everything will be fine when using http. I observed the https request and found that there will always be one or a few pending requests. I understand why this is so.

Welcome to the OpenWrt forums.

I ended up installing LuCI with HTTPS support (mbedTLS as SSL backend)

  • libustream-mbedtls
  • px5g-mbedtls

It works flawlessly in Firefox, Chrome and Opera mobile web browsers and used it ever since.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.