<required>
aes
serpent
threefish
chacha

sha2_32
sha2_64
blake2
skein
keccak

gcm
ocb
chacha20poly1305

kdf2
hkdf
cmac
hmac
poly1305
siphash

pbkdf2
bcrypt
compression

# required for private key encryption
pbes2

curve25519
ecdh
ecdsa
rsa
rfc6979

eme_oaep
emsa_pssr
emsa1

auto_rng
hmac_drbg

ffi
</required>

<if_available>
tls
prf_tls

clmul
locking_allocator

aes_ni
aes_ssse3
serpent_simd
threefish_avx2

simd

rdrand_rng
system_rng

# entropy sources
beos_stats
cryptoapi_rng
darwin_secrandom
dev_random
proc_walk
rdrand
rdseed
win32_stats
</if_available>

<prohibited>
cast
des
gost_28147
idea
idea_sse2
kasumi
lion
misty1
rc4
seed
xtea
xtea_simd

cbc_mac
x919_mac

# MD5 and SHA1 are broken but not prohibited. They are widely in use
# in non-crypto contexts and are required by TLS currently
md2
md4
rmd128
has160
gost_3411

cfb
ecb
ofb

elgamal
rw
nr
gost_3410

emsa_x931
pbkdf1
prf_x942
x931_rng

passhash9
cryptobox

# questionable entropy sources
egd
unix_procs
</prohibited>