Security record: https://botan.randombit.net/security.html

Also worth considering: https://tls.mbed.org/ I've used it and it is indeed very easy to use.

The API of Botan forces you to use `secure_vector<byte>` to store data to be encrypted or decrypted. That makes it impossible to eliminate unnecessary copying where possible. A huge design mistake.

What unnecessary copying are you referring to? According to the documentation, `secure_vector` is just a typedef of `std::vector` with a custom allocator that zeroes memory on destruction.

Also, in C++11, `std::vector` contains the member function `data()` which returns a pointer to the underlying data. The data is mutable through this pointer.

It also tries to "mlock" the memory region on Linux so it doesn't get swapped, however it falls back to allowing swapping when it fails.

And before C++11 you could just do &vec[0].

Aside from idscout's points, wondrous things like move & reference semantics minimize the the need to impose extra copying... and of course you can probably use typedef/aliasing tricks to go over step further.

Given the desire for the use of secure memory (hardly unique to the library), the usual overhead involved with network PKI (even if you use a hardware accelerator and rdma-type networking, left alone the CPU), and the common practice with networking code in general to copy data in to buffers (particularly with asynchronous IO code), I'd hardly call this a huge design mistake.

To be noted Boost.ASIO offers integrated SSL support, based on OpenSSL (with the advantages and disadvantages that it brings).