
This is not about coding AES; it's about designing APIs for cryptographic libraries. If you're a programmer using those APIs, it would be helpful to know whether they're well-designed, and what pitfalls might be there if they're not.



I often quote Avi Douglen here:

"Security at the expense of usability, comes at the expense of security."

Misuse-resistant cryptography API design is a particular hobby horse of mine. (My other hobby horse is software update security.)

A lot of the arguments in favor of cipher agility (a.k.a. runtime negotiation and risk of downgrade attacks) come from well-intended people who haven't internalized the past few decades of real world cryptographic failures.

I liken it to building a brick wall that's expected to hold up a roof.

Would you rather have a wall made by carefully placing bricks and mortar in place once, and if need be, rebuild the brick wall later with better materials?

Or would a lattice of mortar that lets you hot-swap bricks as needed be a preferable design?

The first one is versioned protocols. The latter is what keeps people typing AES into their code.
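The two designs the comment contrasts, as an added example that is not the commenter's code: a versioned envelope whose first byte names a protocol version that pins exactly one cipher suite (here, hypothetically, version 0x01 = AES-256-GCM with a random 12-byte nonce, the version byte bound as associated data), next to an "agile" envelope whose header byte names the algorithm to use and is honoured by the receiver. The agile decoder keeps a legacy null algorithm, the same shape as the JWT `alg: none` failure, so anyone who can write the header can downgrade to it and forge messages. The format, constant values and function names are my assumptions for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Versioned envelope (assumed layout): version || nonce || ciphertext+tag.
// Each version pins one suite; nothing in the message selects an algorithm.
const versionAESGCM byte = 0x01 // v1: AES-256-GCM, 12-byte random nonce

// Agile envelope (assumed layout): alg || body. The header chooses the algorithm.
const (
	algNull   byte = 0x00 // "legacy": plaintext, no key, no tag
	algAESGCM byte = 0x01 // same wire format as versionAESGCM
)

var (
	ErrUnknownVersion = errors.New("unknown protocol version")
	ErrUnknownAlg     = errors.New("unknown algorithm")
	ErrTooShort       = errors.New("message too short")
)

// aesGCM builds the AEAD for v1; the key length is fixed by the version.
func aesGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("v1 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts under the current version. Callers never name a cipher.
func Seal(key, plaintext []byte) ([]byte, error) {
	aead, err := aesGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := []byte{versionAESGCM}
	out = append(out, nonce...)
	// The version byte is associated data, so it is authenticated too.
	return aead.Seal(out, nonce, plaintext, []byte{versionAESGCM}), nil
}

// Open dispatches on the version byte and refuses anything it does not know.
// Adding a version is a code change and a deploy, not a runtime negotiation.
func Open(key, msg []byte) ([]byte, error) {
	if len(msg) < 1 {
		return nil, ErrTooShort
	}
	switch msg[0] {
	case versionAESGCM:
		aead, err := aesGCM(key)
		if err != nil {
			return nil, err
		}
		ns := aead.NonceSize()
		if len(msg) < 1+ns+aead.Overhead() {
			return nil, ErrTooShort
		}
		nonce, ct := msg[1:1+ns], msg[1+ns:]
		return aead.Open(nil, nonce, ct, msg[:1])
	default:
		return nil, ErrUnknownVersion
	}
}

// AgileOpen honours whatever algorithm the (unauthenticated) header names.
// An attacker rewrites the header to algNull and the receiver accepts any body.
func AgileOpen(key, msg []byte) ([]byte, error) {
	if len(msg) < 1 {
		return nil, ErrTooShort
	}
	switch msg[0] {
	case algNull:
		return msg[1:], nil // no key, no tag: accepted as-is
	case algAESGCM:
		return Open(key, msg) // identical wire format for this suite
	default:
		return nil, ErrUnknownAlg
	}
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key, not for real use
	sealed, _ := Seal(key, []byte("transfer 10"))
	pt, err := Open(key, sealed)
	fmt.Printf("versioned round trip: %q err=%v\n", pt, err)

	forged := append([]byte{algNull}, []byte("transfer 10000")...)
	pt, err = AgileOpen(key, forged)
	fmt.Printf("agile decoder on forged null message: %q err=%v\n", pt, err)
	_, err = Open(key, forged)
	fmt.Printf("versioned decoder on the same bytes: err=%v\n", err)
}
```

The difference is not whether the code can change ciphers but who decides: in the versioned design the implementer chooses, once, and a new suite ships as version 0x02 with its own key; in the agile design the message decides, and every option the decoder still understands, including a forgotten legacy one, is reachable by whoever writes the header.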




