> It isn't just this. Qt 5.10 introduces new dependency on OpenSSL 1.1 > APIs for improved security, and LibreSSL does not implement those APIs > at all.
The 1.1 API does not improve security. If anything, the new API requires to you repeat the same or similar arguments to many functions, and in many ways the API is much more fragile. Also, more memory allocation and free is required, and as a result quite a few software upgrades to 1.1 API have had memory leaks, as well as use-after-free and double-free bugs. A very large patch for converting openssh to 1.1 was provided by folk who very much know the API, and it had several stupid and quite dangerous mistakes of that sort. Don't believe all the promises you hear.
