> This software however is 7 years old, we’re not in a position to drop > everything and rewrite it.
Then don't upgrade? If it's for a CA you don't need TLS 1.3 for example. Or take the existing OpenSSL code that works and jam it into the current release.
