Does algorithm fetching falls back if provider does not support algorithm parameters?

Afshin Pir Afshin.Pir at
Mon Apr 3 01:19:51 UTC 2023

Hi all,
I wonder what happens if the fetched algorithm does not support algorithm parameters. For example, let's say we have provider "A" which supports RSA up to 2048 bit. Now we load provider "A" and default provider (or fips provider) and use querystring "?provider=a" to give priority to provider "A". Now if we try to create an RSA keypair or do a signature up to 2048-bit, provider "A" will be used, and everything works just fine. But what happens if we try to use RSA 4096? Provider "A" does not support importing or generating this bit size and corresponding methods fails. Now will loading or generating falls back on default or fips provider which is already loaded in the context?

Best Regards,
This email is confidential and may contain information subject to legal privilege. If you are not the intended recipient please advise us of our error by return e-mail then delete this email and any attached files. You may not copy, disclose or use the contents in any way. The views expressed in this email may not be those of Gallagher Group Ltd or subsidiary companies thereof.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list