On Wed, Apr 15, 2020 at 12:19:24PM +0100, Simon McVittie wrote: > > I think setting defaults in the shared library itself would be more > robust, and if a configuration file to override that is necessary,
This is also the route that Ubuntu took, because it's possible to install the library without the openssl package. I think we should do this too. It causes various issues with the test suite because SHA1 is used for various tests. But I think that has been fixed in master, or has a pull request. I would like to drop SHA1 support in testing/unstable anyway, so I think we should merge those patches once they've all been merged. Kurt