Do we really want to have the legacy provider as opt-in only?

Richard Levitte levitte at openssl.org
Mon Jul 15 14:25:23 UTC 2019


On Mon, 15 Jul 2019 16:15:01 +0200,
Tomas Mraz wrote:
> 
> So saying this is "just recompliation and configuration change" is
> at least somewhat oversimplified.
>
> But I am OK with that. I'm just saying it should be better advertised
> and that internally openssl should not use the "load legacy provider by
> having it in default config file" to actively encourage the "load
> legacy provider only if you *really* need it" behavior.

I'm a little confused.  "configuration changes" is about "having it in
the config file", so I don't quite understand "oversimplified".

Regardless of where this discussion gets us, it has always been the
aim that this will be configurable with the config file.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/


More information about the openssl-project mailing list