> On Sep 24, 2016, at 7:16 PM, Salz, Rich <rsalz at akamai.com> wrote: > >> >> Mr. Neugroschl's quest for a simple solution does bring up -- in my user-oriented opinion -- a very good follow-on question: "Why cannot a config file be utilized by openssl to simply give access based on an allow/deny mechanism that would give users system-wide control in a single place?". > > We just haven't gotten around to it yet. The SSL_CONF API (IIRC also in 1.0.2, definitely in 1.1.0) allows for shared settings in applications that use that API to set the defaults. Most applications are not using this yet... -- Viktor.
