Tomas Mraz wrote in <8dc71838a21fb2508928cab720f5e2c10bab1746.camel@xxxxxxxxxxx>: |A good starting point is to read the migration guide: | |https://www.openssl.org/docs/man3.0/man7/migration_guide.html You .. really have to find that first. I shamelessly post some private conversation i had in the past. ... |Also all of that lacks any good and clear documentation. I literally |just had to spent all my time browsing and travelling through its source |code, because either there is not enough documentation, or it lacks |necessary details, making its presence useless. It became a complete mess. ... |>I think that is the best one can get. |>The more in use the more eyes the better. | |Actually I disagree very much with that. Exactly OpenSSL is the best |example of the fact that "more eyes is better" simply completely does |not work. Devastating problems, catastrophic bugs in OpenSSL, ruining ... |Google just use their own cryptographic implementations. GnuTLS and |libgcrypt are far better choices in my opinion. They are not perfect, |somewhere they are quite bloated (like most things in GNU), but at least |their code does not look like a zoo of mess of completely various people |independent patches. GnuTLS/libgcrypt has very good documentation |(comparing to basically lack of so of OpenSSL). But I also note that I personally (i am the |> quote above) find it a pity that the really nice SSL_CONF_cmd and SSL_CTX_config seem to be second class citizens, that anyhow do not seem to spread to forks. Btw, you surely have heard Changes by: tb@xxxxxxxxxxxxxxx 2022/06/28 14:29:27 Modified files: lib/libssl : ssl.h Log message: Add #defines and prototypes for security level API This marks the start of one of the worst API additions in the history of this library. And as everybody knows the bar is high. Very high. ok beck jsing sthen --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)