From the OpenSSL FIPS Security Policy chapter 4, it mentioned there are a number of non-FIPS approved algorithms/ services which are still implemented by the FIPS canister modules (e.g. RSA, DSA, DRDB, ECDSA etc).
Just wondering why these algorithms are still implemented by FIPS Canister.
The concern is, if these algorithms could still be used under FIPS mode, there is risk that the applications which use the FIPS canister modules may become non-FIPS compliant if these algorithms are used by mistake.
Is my understanding correct and in that case is there a way to disable these non-FIPS approved algorithms?