Behavior of the `no-legacy` configuration option
With OpenSSL 3.0, some algorithms were moved to the legacy provider. When built with the `no-legacy` option, the provider module does not appear to be created.

However, the only algorithm that the option disables is MD2. As a result, there are cases where algorithms such as RC4 that belong to the legacy provider, which then does not exist, have not actually been disabled.

As such, in order to build OpenSSH with the algorithms included in the legacy provider disabled, one must add options such as `no-rc4` explicitly, even if `no-legacy` is specified.

Is my understanding above correct?

If so, it seems natural to me that disabling legacy algorithms should cascade by default from the `no-legacy` option.

It would be helpful to hear some insight.
Providers supply access to algorithms via the "EVP" APIs. The legacy provider supplies access to algorithms that are considered "legacy".

Separate to that are the low-level APIs, e.g. algorithm-specific APIs. Those are all deprecated in 3.0 but enable you to directly access the underlying algorithms without going through any of the provider machinery. The intention is to eventually remove those APIs, but for now at least they still exist.

IMO, the `no-legacy` option is intended to be about the provider only, not about the algorithms. It's actually a bit odd that it additionally disables MD2. IMO it shouldn't do that, but since it's disabled by default anyway it's probably not a big deal.
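As an added example (not code from this thread or from the OpenSSL project), the following POSIX shell probe asks an installed OpenSSL 3.x build which of the states discussed above an algorithm is in: fetchable from the default provider, fetchable only through the legacy provider, absent because the legacy provider module is missing (a `no-legacy` build), or compiled out with `no-<alg>`. It assumes the `openssl` CLI on PATH is the build under test and that its legacy module, if built, is installed where that build looks for it.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Distinguish "legacy provider not built" (no-legacy) from "algorithm
# compiled out" (no-rc4 etc.) using only the openssl 3.x CLI.

# Return 0 if an OpenSSL 3.x CLI is available (provider options need 3.x).
openssl3_present() {
    command -v openssl >/dev/null 2>&1 || return 1
    openssl version 2>/dev/null | grep -q '^OpenSSL 3\.'
}

# Is cipher "$1" fetchable through EVP when only provider "$2" is loaded?
# Naming a provider explicitly stops the default provider auto-loading,
# so "-provider legacy" shows the legacy module's algorithms alone.
evp_cipher_available() {
    openssl list -cipher-algorithms -provider "$2" 2>/dev/null | grep -iqw "$1"
}

# Was "$1" removed at configure time (no-<alg>)?  "openssl list -disabled"
# prints the features disabled in this build, one per line.
compiled_out() {
    openssl list -disabled 2>/dev/null | grep -iqx "$1"
}

# Print one word describing the state of algorithm "$1":
#   default    fetchable from the default provider
#   legacy     fetchable only once the legacy provider is loaded
#   no-legacy  not in any loadable provider, yet not listed as disabled
#              (the situation the question describes: the module is gone,
#              the algorithm is not)
#   disabled   built with no-<alg>, gone from EVP and the low-level API
#   skip       no OpenSSL 3.x CLI to ask
algorithm_state() {
    openssl3_present || { echo skip; return 0; }
    if compiled_out "$1"; then echo disabled
    elif evp_cipher_available "$1" default; then echo default
    elif evp_cipher_available "$1" legacy; then echo legacy
    else echo no-legacy
    fi
}

algorithm_state RC4
```

Run it against a build configured with `no-legacy` alone and it reports `no-legacy` for RC4; only a build configured with `no-rc4` reports `disabled`.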