Reviews and Ratings

A newcomer in the field of crypto l...  
written almost 16 years ago

XySSL is a relatively new library: the first release was published in November 2006 (18 months ago). Its progression has been mostly uneven, with periods lacking progress and short bursts of activity. A large part of the bugs were corrected thanks to the many users of the library who contributed their feedback. The library provides most basic crypto blocks, but lags behind other cryptographic libraries; as an example, OAEP/PSS RSA padding hasn't been implemented yet.

Considering that crypto is generally a critical link in the security of a project, it may be more prudent to use other, more mature libraries (such as OpenSSL). In fact, although the source code of XySSL looks nice and well-commented, it still may contain important bugs. For example, the 0.9 release fixed a critical denial-of-service vulnerability in the X.509 certificate verification code.
