> If DSA is almost never used, why enable it by default?
I am amused/bemused that, after years of saying we do not know what people are
doing with OpenSSL, it now is now becoming common practice to blithely assert
"this is not used" when it fits the personal viewpoint of some folks.
My view point (which has been stated elsewhere) is that OpenSSL-3.0 is
about internal restructuring to allow for the various things noted in the
design documents.
It is not about changing the feature set (in a feature reduction sense).
In future releases we will make the mixture of providers
