Even without the extensions, by the time you've moved the workload to the FPGA and back, the CPU has already completed whatever operation your FPGA was going to complete with OpenSSL.

FPGA cryptographic acceleration is about batch task bandwidth, OpenSSL has few places where this is required.

If you want to do crypto acceleration for TLS, there's two places to do it. Handshake/signature/key agreement, which could maybe work, but hasn't been the bottleneck in a long time, eliptic curve dramatically reduces the work for the server and most clients can do it; but maybe shipping the data around for that is fine.

The other part is bulk encryption. CPUs have lots of acceleration for that, but clear text is still faster, so the win is not to ship data to an accelerator and then back to the cpu and then out to the NIC, but to ship to the accelerator and from there to the NIC without touching the CPU or often the accelerator is integrated with the NIC.

It works even better if the data never has to touch the CPU.

Yes, this is why FPGAs are used as NICs in many situations, but the folks doing this are of course not using OpenSSL.

You must be great to talk to at parties lol, I guess I shouldn't build a RISC-V CPU because Intel is faster?

You should definitely build a crypto accelerator - just don't integrate it into OpenSSL (painful codebase to work in, no speed benefit, etc.)