[jacques_chester]

Honestly? I'd never heard of it until now.

A quick glance through the MatrixSSL docs suggests that it aims at being specifically an SSL/TLS package. So it can take certainly liberties that would, I presume, make it a bit smaller and faster than PolarSSL in that role.

What interested me about PolarSSL at the time, though, is that it is modular. I wasn't interested in SSL, I was looking for a small, easily-wrapped, standalone implementation of SHA-512 and SHA-512 HMACs. PolarSSL lets me use just the bits I want.

[vaxdigitalnh]

That's my main problem with OpenSSL: it tries to be so much more than SSL (despite it's name), and with all that extra functionality comes more responsibility, e.g. a much higher auditing burden.

OpenSSL is an impressive amount of work that has a long history, but for some purposes, it seems needlessly large and complex.

Reminds me of when OpenBSD wrote openntpd. The ntpd folks felt the need to criticise the project because it tried to simplify things a little, and left out much of the functionality (and complexity) added to ntpd over the years.

Overall, unless I am the one who has written something and thus understands how it is constructed from the ground up, I find smaller amounts of code (e.g. as standalone modules) easier to work with than larger ones.

Massive, integrated projects with huge amounts of code seem very popular, and I often wonder if I am alone in my appreciaton and preference for smaller standalone chunks of code.