Dear Kurt,

The situation in 1.1.1 was a bit fuzzier than you say.

E.g., openssl built with no-gost in fact permits loading an engine for use
in X.509/CMS, but GOST TLS support becomes unavailable.

On Sun, Oct 18, 2020 at 10:33 AM Kurt Roeckx <k...@roeckx.be> wrote:

> Hi,
>
> It seems that we might start to interprete the no-xxx options
> differently. In 1.1.1 it would completly disable the feature in
> libcrypto, the apps and libssl. It seems that now the
> interpretation changed to just disable the support for it in the
> provider. You might load a different provider that does support
> it, and so the apps and libssl can use it then.
>
> My interpretation was always that we want to completly disable the
> feature, for instance because we don't want to use it at all or we
> want to reduce the size of the binries.
>
>
> Kurt
>
>

-- 
SY, Dmitry Belyavsky

Reply via email to