[mitchtbaum]

Gosh, to fix such a problem we'd almost need some kind of machine that can run a different program than its current one. Perhaps with evidence of that as a possibility, we could use a good crypto library instead, eg. https://github.com/jedisct1/libsodium

[dom0]

libsodium is not an OpenSSL replacement and doesn't want to be. It's a cryptographic primitive library and generally doesn't implement cryptographic protocols (eg. TLS, X.509, CMS, CRLs, OCSP, ...).

[mitchtbaum]

That'd be like moving from a beat-up frame-and-tarp survival shelter into any long-term, well-built house.. and still sleeping on dirt.