Re: Need help in removing secp521r1 from openssl-1.1.1g and adding TLS_GREASE_BA cipher.

Wed, 30 Jun 2021 23:23:54 -0700 

Hi All,

Please let know if my ask is even possible.

Thanks,
Vinod

On Tue, Jun 29, 2021 at 4:42 PM vinod mg <vinod9...@gmail.com> wrote:

> Hi All,
>
> I am bit a newbie and need some assistance in couple of things -
>
> 1) Supress or a way to remove secp521r1 from the currenlty installed
> openssl.
> 2) Add the cipher - "0xbaba   TLS_GREASE_BA   GREASE" like we see in
> chrome.
>
> I am ok with custom install as well, if above cannot be done with already
> installed openssl package. Please share any wiki I can follow to
> impliment the same.
>
> ~]# openssl ecparam -list_curves
>
>   secp224r1 : NIST/SECG curve over a 224 bit prime field
>
>   secp256k1 : SECG curve over a 256 bit prime field
>
>   secp384r1 : NIST/SECG curve over a 384 bit prime field
>
>   *secp521r1 : NIST/SECG curve over a 521 bit prime field*
>
>   prime256v1: X9.62/SECG curve over a 256 bit prime field
>
> I am using below OS and version-
>
> # cat /etc/redhat-release
>
> Red Hat Enterprise Linux release 8.3 (Ootpa)
>
> # openssl  version -a
>
> OpenSSL 1.1.1g FIPS  21 Apr 2020
>
> built on: Thu Mar 25 16:46:53 2021 UTC
>
> platform: linux-x86_64
>
> options:  bn(64,64) md2(char) rc4(16x,int) des(int) idea(int)
> blowfish(ptr)
>
> compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -g -pipe
> -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
> -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong
> -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
> -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
> -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
> -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes
> -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -DOPENSSL_USE_NODELETE
> -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2
> -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
> -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM
> -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM
> -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY -DDEVRANDOM="\"/dev/urandom\""
> -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
>
> OPENSSLDIR: "/etc/pki/tls"
>
> ENGINESDIR: "/usr/lib64/engines-1.1"
>
> Seeding source: os-specific
>
> engines:  rdrand dynamic
>
> Really appriciate your time and help, thanks in advance.
>
> Thanks,
> Vinod
>

Reply via email to