by avsm 4364 days ago
The Conduit I/O library that we're building in Mirage/OCaml allows the application to select which SSL transport layer implementation it's linking with. Both Lwt_ssl (which binds to OpenSSL) and OCaml-TLS will be supported when it's released for exactly this reason. There's a blog post due about this next week.

As to your other complaint that OpenSSL "just works", note that numerous issues have been swept under the rug over the years (see the LibreSSL CVS logs for more pointers). I'd suggest reading this paper about the most dangerous code in the world for more background: http://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-b...

So when you're using the Haskell library and running into bugs, think of the time you're spending bugfixing and filing patches as a little social tax that contributes to fixing an important technical issue that threatens the stability of the Internet if it's not comprehensively addressed.