<required>
aes
serpent
threefish_512
chacha

sha2_32
sha2_64
blake2
skein
keccak
sha3

gcm
ocb
chacha20poly1305

kdf2
hkdf
cmac
hmac
poly1305
siphash

pbkdf2
bcrypt

# required for private key encryption
pbes2

ed25519
ed448
curve25519
x448
ecdh
ecdsa
rsa
rfc6979

eme_oaep
emsa_pssr

auto_rng
hmac_drbg
</required>

<if_available>
ffi

tls
prf_tls

ghash_cpu
ghash_vperm

locking_allocator
http_util # needed by x509 for OCSP online checks

aes_ni
aes_vperm
aes_armv8
aes_power8
serpent_simd
serpent_avx2
chacha_simd32
chacha_avx2

sha1_sse2
sha1_x86
sha1_armv8
sha2_32_x86
sha2_32_armv8
sha2_32_bmi2
sha2_64_bmi2
keccak_perm_bmi2

simd

sessions_sql
certstor_sql

system_rng
processor_rng

# entropy sources
rdseed
win32_stats
</if_available>

<prohibited>
# Just say no to TLS 1.0
tls_cbc

cast128
des
gost_28147
idea
idea_sse2
lion
rc4
seed

x919_mac

# MD5 and SHA1 are broken but not prohibited. They are widely in use
# in non-crypto contexts and are required by TLS currently
md4
gost_3411

cfb
ofb

elgamal
gost_3410

emsa_x931
prf_x942

passhash9
cryptobox
</prohibited>
