Allow loading of non default providers

This allows OpenVPN to load non-default providers. This is mainly
useful for loading the legacy provider with --providers legacy default

Patch v4: use spaces to seperate providers, unload providers.
Patch v5: General cleanup, rename option to --providers, add
          option to usage() and add an entry to Changes.rst
Patch v6: allow --providers also to be used (and be ignored) with mbed TLS

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20211112130231.3799480-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=20211112130231.3799480-1-arne@rfc2549.org
Signed-off-by: Gert Doering <gert@greenie.muc.de>

1 files changed, 7 insertions, 0 deletions

diff --git a/Changes.rst b/Changes.rst
index 6f04e59..7cceffc 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -50,6 +50,13 @@ Compatibility mode (``--compat-mode``)
     with older peers. The options ``--compat-mode`` allows UIs to provide users
     with an easy way to still connect to older servers.
 
+OpenSSL 3.0 support
+    OpenSSL 3.0 has been added. Most of OpenSSL 3.0 changes are not user visible but
+    improve general compatibility with OpenSSL 3.0. ``--tls-cert-profile insecure``
+    has been added to allow selecting the lowest OpenSSL security level (not
+    recommended, use only if you must). OpenSSL 3.0 no longer supports the Blowfish
+    (and other deprecated) algorithm by default and the new option ``--providers``
+    allows loading the legacy provider to renable these algorithms.
 
 Deprecated features
 -------------------