Do we really want to have the legacy provider as opt-in only?

Richard Levitte levitte at
Mon Jul 15 14:25:23 UTC 2019

On Mon, 15 Jul 2019 16:15:01 +0200,
Tomas Mraz wrote:
> So saying this is "just recompliation and configuration change" is
> at least somewhat oversimplified.
> But I am OK with that. I'm just saying it should be better advertised
> and that internally openssl should not use the "load legacy provider by
> having it in default config file" to actively encourage the "load
> legacy provider only if you *really* need it" behavior.

I'm a little confused.  "configuration changes" is about "having it in
the config file", so I don't quite understand "oversimplified".

Regardless of where this discussion gets us, it has always been the
aim that this will be configurable with the config file.


Richard Levitte         levitte at
OpenSSL Project

More information about the openssl-project mailing list