commentary: openssl appears messy, and one can tell this may have happened because its construction was in conflict with the interests of others (generally assumed to be government spy organizations suppressing cryptography). a testament to this mess is the implementation of quantum security in the fork at https://github.com/open-quantum-safe/openssl , which appears to me to worsen the mess. there are alternatives to openssl, such as gnutls. i should understand these, and i haven't learned much about them. it is likely they have also suffered some disorganization. cryptography is both esoteric and controversial. when many alternatives pop up it is apparent that something is going a little wrong. it's of course also inspiring and really great! and usually one of them is really well done. the pattern has been happening with software systems nowadays. the community is global and diverse and highly talented and censored to an unknown degree, so. when secure code is obscure, it means that not only do errors remain within it, but it is much easier for rogue contributions to intentionally insert usable errors. this defense of usable errors has been highly visible in security channels over the past couple decades. many mysterious voices arguing for less paranoia around systems that generally have locks less than twice the number of doors, nor on all of them. regardless the domain of these things have a lot of poorly defended side channels they contend with so it's kind of intense anyway.