Fri 16 May 2025 7:41AM
State of OpenSSL Stacks

The team at HAProxy has written a solid analysis of modern SSL Stacks. The article is critical of OpenSSL's decision-making processes, features, ability to scale, and performance. Has anyone else read this? OpenSSL needs to address these deficiencies. Are there any opinions out there? What should we be doing?
https://www.haproxy.com/blog/state-of-ssl-stacks
Jon Ericson · Fri 16 May 2025 5:21PM
I have read the article and there's a lot there. From my perspective, it would be helpful to break it down into separate parts. For instance, a good deal of the performance questions focused on the regression that happened with 3.0. (This is something our performance benchmarks show.) That's unfortunate, but people should be moving to using 3.5, which is an LTS and a significant upgrade over 3.0.
The comparison with other SSL/TLS libraries is a separate question. It could be that OpenSSL isn't going to be the right choice for HAProxy. Or maybe there can be effort put into performance improvements in a multithreaded environment. (But there is always a tradeoff. Is this the most impactful thing for the limited number of OpenSSL developers to be doing?)
The decision-making process is complicated because the new BACs and TACs aren't going to work like the OMC and OTC. However, it's reasonable, from the outside, to assume they will. Ultimately the only way to change the narrative is to demonstrate that things have changed. (Which isn't to say the decisions would necessarily come out differently. The key is showing how the sausage is made, so to speak.)
The article says it started as an internal document. Personally I'm glad they published it because it gives us a chance to address misconceptions and fix real issues. I'd avoid stirring up drama, which will pull in gawkers. On the other hand, it doesn't hurt to acknowledge real problems. Ideally we'd fix problems too, of course, but that's not always possible.