A lot of the basic network protocols that make up the infrastructure of the Internet are built in to most major Operating Systems. For example, TCP, UDP, and DNS are all built into Linux, UNIX and Windows, and are made available to the programmer through low-level system APIs.
But when it comes to SSL or TLS, one has to turn to a third-party library such as OpenSSL or Mozilla NSS.
SSL is a relatively old protocol, and it's basically an industry standard as ubiquitous as TCP/IP, so why isn't it built into most Operating Systems?
Best Answer
I think it mainly depends on what you see as "the OS". If it is the kernel, my answer would be: why should it? I might be wrong, but is DNS not a part of the glibc on Linux systems, which is a thrid-party library?
If it is not about kernel or user space, nearly every OS / platform has an SSL / TLS stack, some might have more than one.
It can even be seen as an advantage. If there was no OpenSSL, you would have to adapt to the Windows, Mac and Linux ( and ... ) API. TLS not beeing part of the OS allows to write cross platform TLS applications. Just pick a TLS library, that supports your target platforms.
For me, the real problem with TLS is, that you can not simply "turn it on". Instead, you have to manage a set of trusted certificates, certificate revocation lists, self signed certificates and so on. All of these require lots of user interaction.
Sadly, security never comes for free. It is effort for programmers and inconvenience for users.