OpenBSD team is refactoring OpenSSL

The OpenBSD team is refactoring OpenSSL, which is admirable work.  You can see their progress at

If you read the OpenSSL Rampage blog, you can see that they have their work cut out for them.  The OpenSSL code base is very old, and has had literally hundreds of unknown hands making changes over its 20+ year lifespan.  

The OpenSSL Heartbleed bug has been motivating for a lot of developers, which is probably Heartbleed`s only positive side effect.  As the creators of wolfSSL, a modern clean room implementation of SSL/TLS, we`ve been hearing from a lot of OpenSSL consumers that want to make a change.  They`ve had enough of working with a code base held together with rubber bands and twine.  Here`s why we think OpenSSL users should consider a switch to wolfSSL instead of patching, re-factoring, and hoping:

1.  wolfSSL is clean room developed, which means that we don`t use any OpenSSL code in our implementation of SSL/TLS.  We can point to every developer that has touched a line of our code base.  

2.  Switching from OpenSSL to wolfSSL can be relatively easy.  We usually estimate 1-4 weeks for a project where we rip and replace OpenSSL for wolfSSL.  

3.  If you`re making the switch, we`ll support you, whether you`re an open source project or a commercial user.  

4.  Our code is newer, more modern, and clean.  You should be able to understand the security code plugged into your application, and we think ours is a quick read for competent C/C++ programmers.

5.  We support an OpenSSL compatibility layer which supports the 400 or so most used functions in OpenSSL.  We`ll help you if you need extensions to the layer.

If you have questions, thoughts, or comments to share with us, please email us at, or call us at +1 425 245 8247.