I was $(($(date +%Y) - 1997)) years old when I first got a successful TLS connection implemented on top of OpenSSL. I've heard frightening stories about OpenSSL *internals*, but honestly even the public API is quite sad and convoluted?
Granted, I know nothing about cryptography or TLS, but can't the API be essentially:
```rust
pub struct TLS<T> { inner: T, ... }
impl<T> AsyncRead + AsyncWrite for TLS<T>
where T: AsyncRead + AsyncWrite
{ ... }
```
? (Or whatever mimicking this amounts to in unsafe C?)