Maybe one could simply build a second version of the library with a different name (libssl-insecure or whatever) which have the old stuff enabled. Those binaries for which it's safe / sane to have insecure algos still supported could be build against that.
Thereby the real libssl could be kept free of any legacy code, avoiding that programs can accidentally use it. Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
