Hello My impression is that web based projects lean towards OpenSSL, while for example the whole GTK/Gnome desktop stack is using GnuTLS (with nettle/hogweed). So you will not get rid of either crypto stack.
Then I also think that OpenSSL 0.9.x/1.x and the new OpenSSL 3.x have to be treated like two completely different libraries. They have different licenses and intentionally broke APIs to end the mess that OpenSSL was. It is a situation like Python 2 and 3, we will have both around for a long time, because upstream code has to be ported to new APIs. An then there is NSS by Mozilla, and there is also libgcrypt, which is the basis of GnuPG. To my knowledge, it does not even share core routines with GnuTLS. GnuPG is also a core dependency for any Debian installation that we will not get rid of. tl;dr: There are many different crypto libraries which more or less do the same thing, but we will not likely get rid of any. Regards Stephan
