So, I decided to make an effort to dump OpenSSL and replace it with LibreSSL. This has been mostly successful (there are a few holdouts, but they are non-critical and they are not internet-facing, so no worries). But man, if you see how many places OpenSSL has stuck its grubby paws into, you would be shocked. It’s really a lot. Most of it is software that has been around for a while. Also lots of stuff that many people trust. And I have seen interesting breakages from some apps that fall back to EGD for grabbing seeds. Yes, I am not kidding. This is one area where OpenSSL is extremely broken (random numbers). See http://opensslrampage.org/post/82975103611/so-the-openssl-codebase-does-get-the-time-add-it
As far as all the server daemons that I use, they are all OpenSSL-free now. I am happy. I would even say that everything performs a bit snappier now, but I think that’s confirmation bias and maybe the fact that everything got a restart.