I think the performance improvement that comes with openssl on all systems is minimal, and there's no benefit to shipping openssl as if the http implementation were to be done from scratch where the glue to windows, macos and linux apis would need to be done by hand.
Might as well make use of curl's ability to use the system's libraries dynamically. Also, it would be safer to depend on the system's openssl which should get continuously updated.
I think the performance improvement that comes with openssl on all systems is minimal, and there's no benefit to shipping openssl as if the http implementation were to be done from scratch where the glue to windows, macos and linux apis would need to be done by hand.
Might as well make use of curl's ability to use the system's libraries dynamically. Also, it would be safer to depend on the system's openssl which should get continuously updated.