<div dir="ltr"><div>Hi All,</div><div><br></div><div>Please let know if my ask is even possible.</div><div><br></div><div>Thanks,<br>Vinod</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 29, 2021 at 4:42 PM vinod mg <<a href="mailto:vinod9987@gmail.com">vinod9987@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi All,<div><br></div><div>I am bit a newbie and need some assistance in couple of things -</div><div><br></div><div><div>1) Supress or a way to remove secp521r1 from the currenlty installed openssl. </div></div><div>2) Add the cipher - "0xbaba   TLS_GREASE_BA   GREASE" like we see in chrome.<br></div><div><br></div><div>I am ok with custom install as well, if above cannot be done with already installed openssl package. Please share any wiki I can follow to impliment the same.</div><div><br></div><div><p style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;margin:0px;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures">~]# openssl ecparam -list_curves</span></p><p style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;margin:0px;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures"><span>  </span>secp224r1 : NIST/SECG curve over a 224 bit prime field</span></p><p style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;margin:0px;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures"><span>  </span>secp256k1 : SECG curve over a 256 bit prime field</span></p><p style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;margin:0px;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures"><span>  </span>secp384r1 : NIST/SECG curve over a 384 bit prime field</span></p><p style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;margin:0px"><span style="font-variant-ligatures:no-common-ligatures;background-color:rgb(204,0,0)"><font color="#000000"><span>  </span><i>secp521r1 : NIST/SECG curve over a 521 bit prime field</i></font></span></p><p style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;margin:0px;color:rgb(0,0,0);background-color:rgb(155,155,155)"></p><p style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;margin:0px;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures"><span>  </span>prime256v1: X9.62/SECG curve over a 256 bit prime field</span></p></div><div><br></div><div>I am using below OS and version-</div><div>





<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures"># cat /etc/redhat-release<span> </span></span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures">Red Hat Enterprise Linux release 8.3 (Ootpa)</span></p></div><div><br></div><div>





<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures"># openssl<span>  </span>version -a</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures">OpenSSL 1.1.1g FIPS<span>  </span>21 Apr 2020</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures">built on: Thu Mar 25 16:46:53 2021 UTC</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures">platform: linux-x86_64</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures">options:<span>  </span>bn(64,64) md2(char) rc4(16x,int) des(int) idea(int) blowfish(ptr)<span> </span></span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures">compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY -DDEVRANDOM="\"/dev/urandom\"" -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures">OPENSSLDIR: "/etc/pki/tls"</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures">ENGINESDIR: "/usr/lib64/engines-1.1"</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures">Seeding source: os-specific</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(155,155,155)"><span style="font-variant-ligatures:no-common-ligatures">engines:<span>  </span>rdrand dynamic<span> </span></span></p></div><div><br></div><div>Really appriciate your time and help, thanks in advance.</div><div><br></div><div>Thanks,</div><div>Vinod</div></div>
</blockquote></div></div>