nextaccountic 4 hours ago

Why do people use OpenSSL? Or any other library that forked from it?

Why not start from a clean slate? Companies like Google could afford it.

sharms 4 hours ago

AWS actually has two libraries they use instead: s2n and aws-lc https://github.com/aws/s2n-tls https://github.com/aws/aws-lc

josefx 4 hours ago

Security certifications are one reason. OpenSSL maintains a module for FIPS compliance, which includes an entire boatload of weak and broken algorithms nobody else bothers with.

nextaccountic an hour ago

This kind of security certification seems like the exact opposite of actual security

lmm 3 hours ago

Because as horrible as the OpenSSL code is, the best available clean implementation would mean using a language that's weird and French.

nextaccountic an hour ago

Do you mean HACL* / ValeCrypt / EverCrypt?

A number of projects like Firefox and the Linux kernel use them. It's boring at that point. The generated code is C and assembly and can be used like any library, but it has been formally verified.

But, there is ring and rustls too. A number of projects are shifting to it

lmm 43 minutes ago

Hah, I meant ocaml-tls which I think is still the most mature option in this space. But yeah there are other approaches.