by kyrra 4417 days ago
For Go, you probably don't want to use their net/http server if you will also have it doing SSL/TLS. Go's TLS implementation doesn't support a lot of older cipher suites which could be a problem for some clients. As well, it is not as hardened as OpenSSL and others (such as possibly being vulnerable to timing attacks[0]).

[0] https://code.google.com/p/go/issues/detail?id=2445

OTOH there was no Heartbleed bug in the SSL implementation of Go's net/http. So much for hardened implementation. Secondly, you can use Go behind an HTTP proxy, or even in an FCGI etc. environment with minimal change to the code.
It's to be expected that different implementations will have different bugs; that doesn't mean Go's is better.

That said, it's an advantage of heterogeneity; you get some security by being a small target in a sea of OpenSSL servers.