Please Put OpenSSL Out of Its Misery
an analysis by FreeBSD and Varnish developer Poul-Henning Kamp:
OpenSSL must die, for it will never get any better.
The OpenSSL software package is around 300,000 lines of code, which means there are probably around 299 bugs still there, now that the Heartbleed bug — which allowed pretty much anybody to retrieve internal state to which they should normally not have access — has been fixed.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump