Print key exchange group for hybrid PQC

Resolves: RHEL-66163

0141-print-pq-group.patch

@@ -0,0 +1,19 @@
+diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
+index 3b3c0dd0b38f5..026315406e298 100644
+--- a/apps/lib/s_cb.c
++++ b/apps/lib/s_cb.c
+@@ -418,8 +418,13 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
+ {
+     EVP_PKEY *key;
+ 
+-    if (!SSL_get_peer_tmp_key(s, &key))
++    if (!SSL_get_peer_tmp_key(s, &key)) {
++        if (SSL_version(s) == TLS1_3_VERSION)
++            BIO_printf(out, "Negotiated TLS1.3 group: %s\n",
++                       SSL_group_to_name(s, SSL_get_negotiated_group(s)));
+         return 1;
++    }
++
+     BIO_puts(out, "Server Temp Key: ");
+     switch (EVP_PKEY_get_id(key)) {
+     case EVP_PKEY_RSA:

openssl.spec

@@ -183,6 +183,8 @@ Patch138: 0138-Add-a-test-for-an-empty-NextProto-message.patch
 Patch139: 0139-CVE-2024-6119.patch
 # https://github.com/openssl/openssl/pull/26197
 Patch140: 0140-prov_no-cache.patch
+# https://github.com/openssl/openssl/pull/25959
+Patch141: 0141-print-pq-group.patch
 
 License: Apache-2.0
 URL: http://www.openssl.org/
@@ -534,6 +536,8 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
   Resolves: RHEL-71903
 - Fix pkcs12 command line segfault
   Resolves: RHEL-70878
+- Print key exchange group for hybrid PQC
+  Resolves: RHEL-66163
 
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1:3.2.2-14
 - Bump release for October 2024 mass rebuild: