You say those OpenSSL alternatives can be dangerous. Yet, you also never recommend against OpenSSL despite it proving itself to be quite dangerous in more ways than just cryptographic. Strange double standard.
Anyway, Fox IT [1] recently used PolarSSL in their OpenVPN respin. It's been immune to a number of issues that hit OpenSSL while their mailing list indicates steady work at finding and fixing its own problems. Improved the cryptographic defaults, too. The effort is open source. If you see non-OpenSSL crypto problems, feel free to publish them and suggest improvements so people in or outside those projects can make the systems better. So far, you mainly just blanket recommend against while pushing dangerous stuff (OpenSSL) on readers.
Note: At least you endorsed two alternatives to OpenSSL in this one. A first.
That's straightforward and means we agree on an alternative (LibreSSL). You haven't mentioned the converse issue though: only vague warnings with a broad word (cryptographic). I'm not even disagreeing with you on PolarSSL, necessarily. The problem is you quickly dismiss them without details while you don't do the same for OpenSSL despite known, horrific details available justifying avoiding it. So, I guess the dispute boils down to those issues:
1. What's the specific reason those libraries suck worse than OpenSSL (which SUCKS) and where did you publish that for peer review/improvement?
2. Why don't you treat OpenSSL the same for all its problems and recommend what you believe is a decent alternative (eg LibreSSL)? (Double standards always bother me in this field.)
That's the consistent trend in these threads: deny several for vague reasons; fine with a known bad one despite non-vague reasons against.
