[Cryptography] OpenSSL minimal "safe" configuration?

[Henry Baker]

I was trying to build OpenSSL with a minimal, "safe" configuration.

By "safe", I mean using the latest/best algorithms, and *deleting* all the known-to-be-unsafe algorithms.

However, I can't seem to build OpenSSL w/o DES, w/o MD5, etc.

I'd also like to kill off the shorter versions -- e.g., AES-128.

I think I can eliminate AES entirely, but how do you get rid of just AES-128?