Worse API?

I had to do some work with the API of OpenSSL 1.x in the olden days, and it always struck me as horrible, complicated and pretty much impossible to use correctly. I do remember a case where the documentation was wrong, most examples were wrong and the only working example was in an email in some OpenSSL list. I know that OpenSSL's locking/multithreaded support is so complicated that people solve that with single-process workers that handle just SSL, and skip all that.

I can't believe they actually made this worse.

Even though it'll be a pain, moving away from OpenSSL might be the right thing to do, overly complicating an already complicated system that people should be able to understand is just wrong.