Do we really want to have the legacy provider as opt-in only?
rsalz at akamai.com
Mon Jul 15 14:27:44 UTC 2019
> What is the cryptographic weakness of DSA that you are avoiding?
It's a good question. I don't recall the specific reason why that was added to
the list. Perhaps others can comment.
The only weakness I know about is that if you re-use the nonce, the private key is leaked. It's more brittle than RSA-PKCS, but not as flawed as RC4.
I think this should be removed from the "legacy" list unless someone can point out why it's like the others in the list.
More information about the openssl-project