by ryuuchin 3641 days ago
There's also BoringSSL[1], but that might be even more of a departure than LibreSSL in terms of API compatibility. I still think it's surprising that we don't see more BoringSSL being used, especially with nginx.

[1] https://boringssl.googlesource.com/boringssl/

2 comments

Why would you use it, if the people making it explicitly recommend against you doing so?
There are some good reasons not to use it. Primarily the lack of API stability and that, as you mention, the people making it caution against it.

But to answer your question, why would someone choose to use it anyway? One reasonable justification is that many people believe (probably myself included) that the quality is superior to openssl or libressl. The APIs are unstable but the flip side of that coin is that they're probably better. Also the engineering practices behind boringssl have led to what I would call relatively high quality code. It's well structured, clear, and maybe less likely to suffer as many serious bugs as the alternatives. Time will tell.

Not that I'm recommending it for everyone, just answering your question. Quality is often in the eye of the beholder; use what works best for you.

I would note LibreSSL has taken fixes from BoringSSL.