The State of OpenSSL for pyca/cryptography

tuetuopay 1/15/2026|

> OpenSSL allowed replacing any algorithm at any point in program execution

Just this is completely nuts. What in the world is the usecase for this? Fanatics of hotpatching systems for zero-downtime-ever? No wonder the performance is crippled by locks left and right, it's pure recipe for disaster.

jiggawatts 1/27/2026|

I’ve done this kind of thing before: I wrote a 3D game engine that could switch between DirectX and OpenGL at runtime and also switch GPUs dynamically.

At some point the architecture becomes a toy to play with, like a train set. Trying to push the abstractions as far as they can possibly go within the bounds of the parent language is a fun challenge to tackle.

Of course, this is pointless and even counterproductive. I only did this decades ago when I was a junior developer. With more experience I now deeply appreciate simple, straightforward, to-the-point code.

I tell juniors: “Just do the thing.”

snvzz 1/28/2026||

Instead of everybody switching to LibreSSL, we had the Linux Foundation reward OpenSSL's incompetence with funding.

We are still suffering from that mistake, and LibreSSL is well-maintained and easier to migrate to than it ever was.

What the hell are we waiting for?

Is nobody at Debian, Fedora or Ubuntu able to step forward and set the direction?

ethin 1/15/2026|

Honestly, I rarely ever use openssl these days unless I must. Now, I go for Botan, or cryptography, or monocypher, any number of cryptographic library alternatives that are designed well and are really fast.