Skip to content

Add options to enable GOST by default/support different configuration sets

The following discussions from !1119 (merged) should be addressed:

  • @nmav started a discussion: (+17 comments)

    That's a part which I think is the most questionable in terms of policy. How can we have an implementation which supports GOST but enables it conditionally. For example debian or fedora may want to support GOST but not enable it by default (i.e., enable it via a crypto policy). The reason is that this is a national standard, not widely accepted and enabling by default will trigger pushback to the whole effort of gost support.

For now GOST ciphersuites are going to be merged, but they have to be explicitly enabled on both server (this is more or less fine) and on client (and this ideally should be fixed) sides.