help wantedtriaged: feature
Métricas do repositório
- Stars
- (30.157 stars)
- Métricas de merge de PR
- (Nenhuma PRs mesclada em 30d)
Description
When there is no intent to use default provider, presence of default provider is harmful. Harmful because libcrypto size is significant, and it can be accidently used as a fallback.
This is true when using OpenSSL originated providers, as well as foreign.
Examples:
- openssl base + openssl FIPS provider
- just symcrypt provider
- just wolfcrypt provider
- openssl base + (distro / consultancy) FIPS provider
In all of these cases it would help if default provider was default.so, or ability to build libcrypto without default provider at all.
A concrete example of such implementation is Ubuntu FIPS builds that remove loading default provider by default.