A tour-de-force through the real-life SSL-adversities faced by developers outside the ivory tower that are today's browsers. It's the tale of understaffed engineering teams, hard-to-educate administrators. It's the horror of broken and undocumented APIs, and contradicting standards. It's the nightmare of FIPS requirements. It's a story without a happy ending, but with a call to action.