BoringSSL if you can, otherwise most projects still keep using openssl over libressl. LibreSSL API changes were a bit too radical to be widely adopted, and mbedtls or pornin's BearSSL is too different, though much better on recent attacks.<p>I would summarize Google did a better job than the OpenBSD folks. Pornin's BearSSL is also extremely good.