
Evaluation of WolfSSL as an OpenSSL Alternative for HAProxy Server

By thomasjb

3mo ago · 5 min read · en · Review

Summary

The article details the author's negative experience attempting to use WolfSSL as a drop-in replacement for OpenSSL in an HAProxy server. Despite WolfSSL's advertised OpenSSL API compatibility layer, the author encountered unexplained errors and found the library to be incomplete and poorly documented. The piece critiques various SSL/TLS libraries including OpenSSL, BoringSSL, AWS-LC, GnuTLS, and LibreSSL, concluding that there are no good alternatives for certain use cases.

Key quotes

OpenSSL sucks. The BoringSSL and AWS-LC forks are Googled and Amazoned to death; they don't care about anyone but their own use cases.
I can't remember ever having a good experience with software using GnuTLS. LibreSSL is incomplete...
This post is about the experience of taking a leap of faith and using WolfSSL as a drop-in replacement for an existing Haproxy server which traditionally uses OpenSSL.
The WolfSSL project specifically has an OpenSSL API compatibility layer so you can presumably swap out OpenSSL almost anywhere.
I encountered some unexplainable errors with it in my implementation.
