>Xavier Belanger:
> One piece of advice: [opensslcnf.txt] may be considered as a "system
> file" and could be overwritten in the future by some CentOS update.
> Make sure to document that change and to keep an eye of that file;
> or to define your own policy (custom policies are not overwritten).
Our plan is to restore compatibility with OpenSSL before 1.1.1,
i.e. ignore the OpenSSL MinProtocol setting.
It's like extinguishing fires with breaking changes in dependencies,
first with glibc DNSSEC support, now with OpenSSL and allowed
protocols.
Wietse
