OpenSSL has a terrible codebase and development completely stalled for a while as it basically went to shit.
LibreSSL forked during the end of that period, but it didn’t quite get enough traction, and the demand for it went down, while openssl also a critical dependency for so many things.
Honestly OpenSSL just stole enough from LibreSSL to sort itself out a bit, and not enough people switched, plus all the new algorithms are written by academic or big corp crypto guys who throw it over the wall into OpenSSL as the default place everything gets used.
Also OpenSSL is certified which means any critical application has to use it.
What’s the deal with libreSSL at this point, it seems like a few distros added it then removed it a few years later, now you don’t hear about it much.
For me, I just use it because I feel different.
OpenSSL has a terrible codebase and development completely stalled for a while as it basically went to shit.
LibreSSL forked during the end of that period, but it didn’t quite get enough traction, and the demand for it went down, while openssl also a critical dependency for so many things.
Honestly OpenSSL just stole enough from LibreSSL to sort itself out a bit, and not enough people switched, plus all the new algorithms are written by academic or big corp crypto guys who throw it over the wall into OpenSSL as the default place everything gets used.
Also OpenSSL is certified which means any critical application has to use it.