I don't know the OpenSSL API, Why is this better? Because mortals can use it. "secure" (default) "legacy" (compat) Consider "classic" dumb client and server example in C from an undergraduate course. You need to add 30-40 lines of code to such a program to do make it do TLS 1.2 with the client validating a pinned server certificate. High security choices are the default. It is one line of code to dumb it down to accept legacy TLS and legacy ciphers.