It's not really as easy as "use X library". As another commenter mentioned - using stunnel might be better than "rolling your own" based on well tested primitives, but "just using openssl" isn't necessarily a good solution, see eg this recent discussion:

http://lists.randombit.net/pipermail/cryptography/2012-Octob...