In this talk, we will discuss the (low-level) security of common open-source general-purpose cryptographic libraries, like OpenSSL and sisters, towards various types of side-channel attacks. Although bringing a rather adequate practical security when used on high-end architectures, like desktop and server ones, using such libraries to secure applications running on embedded platforms is more than problematic, as we will show using several practical examples. For instance, we will demonstrate that most open-source cryptographic code runs in time dependent on secret values, like RSA private keys, for instance. We propose to discuss how an attacker can leverage this knowledge by mounting practical timing attacks, or by exploiting other physical leakages, which is information that is most of the time quite easily to obtain on embedded platforms. Finally, we will describe several best-practice techniques of secure programming that are currently almost never applied in common open-source cryptographic libraries.