Need help in removing secp521r1 from openssl-1.1.1g and adding TLS_GREASE_BA cipher.

vinod mg vinod9987 at
Tue Jun 29 11:12:29 UTC 2021

Hi All,

I am bit a newbie and need some assistance in couple of things -

1) Supress or a way to remove secp521r1 from the currenlty installed
2) Add the cipher - "0xbaba   TLS_GREASE_BA   GREASE" like we see in chrome.

I am ok with custom install as well, if above cannot be done with already
installed openssl package. Please share any wiki I can follow to
impliment the same.

~]# openssl ecparam -list_curves

  secp224r1 : NIST/SECG curve over a 224 bit prime field

  secp256k1 : SECG curve over a 256 bit prime field

  secp384r1 : NIST/SECG curve over a 384 bit prime field

  *secp521r1 : NIST/SECG curve over a 521 bit prime field*

  prime256v1: X9.62/SECG curve over a 256 bit prime field

I am using below OS and version-

# cat /etc/redhat-release

Red Hat Enterprise Linux release 8.3 (Ootpa)

# openssl  version -a

OpenSSL 1.1.1g FIPS  21 Apr 2020

built on: Thu Mar 25 16:46:53 2021 UTC

platform: linux-x86_64

options:  bn(64,64) md2(char) rc4(16x,int) des(int) idea(int) blowfish(ptr)

compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -g -pipe
-Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
-Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong
-grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
-fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
-Wa,--noexecstack -Wa,--generate-missing-build-notes=yes
-specs=/usr/lib/rpm/redhat/redhat-hardened-ld -DOPENSSL_USE_NODELETE

OPENSSLDIR: "/etc/pki/tls"

ENGINESDIR: "/usr/lib64/engines-1.1"

Seeding source: os-specific

engines:  rdrand dynamic

Really appriciate your time and help, thanks in advance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list