[raesene9]

OpenSSL is not the only available implementation of SSL.

[detaro]

Realistically, it's the one that's gonna be used in apt though. (E.g. the existing HTTPS transport uses curl, which uses OpenSSL)

[jwilk]

libcurl has many TLS backends. APT before 1.6 actually uses the GnuTLS one.

APT ≥ 1.6 doesn't use libcurl; it uses GnuTLS directly.

[detaro]

I stand corrected, thx.

[raesene9]

Sure, my point was more that if it's a serious concern to use OpenSSL (Personally I don't think it is, as a lot of work has been done in recent years to improve that codebase), that other options are available.