So, last night's bedtime reading material was about NaCl.  No, the other NaCl, the crypto API:

http://cr.yp.to/highspeed/coolnacl-20120725.pdf

Their API has three main public functions: generate keypair, encrypt-and-sign, and verify-then-decrypt.  It's pretty fast, uses a seemingly-good variant of elliptic curve, doesn't require memory allocations in the encryption/decryption path, is safe from pesky timing attacks, and works fine with streaming (TCP) as well as lossy (UDP) communications.  It seems to also be nearly 100% impossible to use incorrectly.

Meanwhile, heartbleed.  Compare and oontrast.