boringssl is a good choice. to disable DES and other known-to-be-unsafe algorithms, try this build script : https://github.com/byronhe/modern-crypto-toolbox/blob/master/build_openssl.sh