yjftsjthsd-h 4 days ago

Sounds like everything is solvable via code, and the hardware vendors just suck at it.

2
zephius 4 days ago

In a nutshell, yes. From a security perspective, look at Fortinet as an egregious example of just how bad. Palo Alto also has some serious internal issues.

dijit 3 days ago

Not really, a lot of those middleware boxes are doing some form of ASIC offloading for TLS, and the PROM that loads the cert(s) is not rated for heavy writes… thus writing is slow, blocking, and will wear your hardware out.

The larger issue is actually our desire to deprecate cipher suites so rapidly, though; those 2-3 year old ASICs that are functioning well become e-waste pretty quickly when even my blog gets a Qualys “D” rating after having an “A+” rating barely a year ago.

How much time are we spending on this? The NSA is literally already in the walls.