Matt Caswell

Pushed. Thanks.

I wonder how well libssl copes if this option is set? I guess it will still send pkcs1.5 based sigalgs. I suppose TLSv1.3 should mostly be ok, but I wonder...

I wonder whether it is worth having an option to ban it only for sign/encrypt. I imagine it will be some while before all cert chains have eradicated PKCS1.5 sigs.

> NIST's transition is for all use not just some. I would be totally un-suprised if they change that stance. > Allowing a partial or total block might be interesting....

Merge commit??

> Yes, but I suggest we move all the corpora to an external repository in all branches, so we have all of the branches use the same corpus. Isn't the...

Are there licence and/or CLA issues with just including the PKITS test data in our codebase?

> They come from NIST which generally mean fair game to use. We should check this with OMC.

OMC: Inclusion of this test data is ok to proceed.

Providers supply access to algorithms via the "EVP" APIs. The legacy provider supplies access to algorithms that are considered "legacy". Separate to that are the low level APIs, e.g. algorithms...