> While the change may involve quite different code paths when it comes to security features, I think we trust OpenSSL enough to be an acceptable crypto backend. And behavior should not change.
Are you sure about this? TLS has a wide variety of protocol options and the supported vs. "available" cryptosystem matrix is complex. Won't these all change if the underlying implementation changes?
> While the change may involve quite different code paths when it comes to security features, I think we trust OpenSSL enough to be an acceptable crypto backend. And behavior should not change.
Are you sure about this? TLS has a wide variety of protocol options and the supported vs. "available" cryptosystem matrix is complex. Won't these all change if the underlying implementation changes?