Dear Kurt, The situation in 1.1.1 was a bit fuzzier than you say.
E.g., openssl built with no-gost in fact permits loading an engine for use in X.509/CMS, but GOST TLS support becomes unavailable. On Sun, Oct 18, 2020 at 10:33 AM Kurt Roeckx <k...@roeckx.be> wrote: > Hi, > > It seems that we might start to interprete the no-xxx options > differently. In 1.1.1 it would completly disable the feature in > libcrypto, the apps and libssl. It seems that now the > interpretation changed to just disable the support for it in the > provider. You might load a different provider that does support > it, and so the apps and libssl can use it then. > > My interpretation was always that we want to completly disable the > feature, for instance because we don't want to use it at all or we > want to reduce the size of the binries. > > > Kurt > > -- SY, Dmitry Belyavsky