Андрей Аладьев <aladjev.andrew@gmail.com> writes:
> I've noticed this flag is already a part of ".gitlab-ci.yml".
In that case, it is passed to gnutls' configure, not nettle's, and there are some technical reasons for it.
> From my point of view, I don't trust any Russian government innovation, especially because of their crypto-licensing politics and the unknown genesis of the S-boxes.
Note that nettle supports various known-weak or known-broken algorithms, for compatibility with old applications and protocols. E.g., original single DES, MD4 message digests, 512-bit RSA. Selection of appropriate algorithms and key sizes is left to the application.
> But I am sure that this flag will be used by many people: for example openwrt, ddwrt developers don't like additional code.
Nettle doesn't have any fine-grained configure mechanism to control which algorithms are included in the library. It could be added, but it's a significant amount of work to make everything configurable, and it will also add complexity downstream, since removing any algorithm breaks the shared library ABI.
On an embedded system like an openwrt router, you could consider using static libraries; then the linker will pull in only those object files that are referenced by the main program. (And avoid features like nettle_get_hashes, since by design that function references all supported hash algorithms).
Regards, /Niels