Meaning of no-xxx option

Dmitry Belyavsky beldmit at
Sun Oct 18 09:27:54 UTC 2020

Dear Kurt,

The situation in 1.1.1 was a bit fuzzier than you say.

E.g., openssl built with no-gost in fact permits loading an engine for use
in X.509/CMS, but GOST TLS support becomes unavailable.

On Sun, Oct 18, 2020 at 10:33 AM Kurt Roeckx <kurt at> wrote:

> Hi,
> It seems that we might start to interprete the no-xxx options
> differently. In 1.1.1 it would completly disable the feature in
> libcrypto, the apps and libssl. It seems that now the
> interpretation changed to just disable the support for it in the
> provider. You might load a different provider that does support
> it, and so the apps and libssl can use it then.
> My interpretation was always that we want to completly disable the
> feature, for instance because we don't want to use it at all or we
> want to reduce the size of the binries.
> Kurt

SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-project mailing list