diff --git CryptoPkg/Library/Include/crypto/dso_conf.h CryptoPkg/Library/Include/crypto/dso_conf.h
index 95f4db2b15..851d1d6a5c 100644
--- CryptoPkg/Library/Include/crypto/dso_conf.h
+++ CryptoPkg/Library/Include/crypto/dso_conf.h
@@ -1,16 +1,16 @@
 /* WARNING: do not edit! */
-/* Generated from include/crypto/dso_conf.h.in */
-/*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef OSSL_CRYPTO_DSO_CONF_H
-# define OSSL_CRYPTO_DSO_CONF_H
-# define DSO_NONE
-# define DSO_EXTENSION ".so"
-#endif
+/* Generated from include/crypto/dso_conf.h.in */

+/*

+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.

+ *

+ * Licensed under the OpenSSL license (the "License").  You may not use

+ * this file except in compliance with the License.  You can obtain a copy

+ * in the file LICENSE in the source distribution or at

+ * https://www.openssl.org/source/license.html

+ */

+

+#ifndef OSSL_CRYPTO_DSO_CONF_H

+# define OSSL_CRYPTO_DSO_CONF_H

+# define DSO_NONE

+# define DSO_EXTENSION ".so"

+#endif

diff --git CryptoPkg/Library/Include/openssl/opensslconf.h CryptoPkg/Library/Include/openssl/opensslconf.h
index 3a2544ea5c..22268391ab 100644
--- CryptoPkg/Library/Include/openssl/opensslconf.h
+++ CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -1,29 +1,29 @@
-/*
+/*

  * WARNING: do not edit!
- * Generated from include/openssl/opensslconf.h.in
- *
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/opensslv.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# error OPENSSL_ALGORITHM_DEFINES no longer supported
-#endif
-
-/*
- * OpenSSL was configured with the following options:
- */
-
+ * Generated from include/openssl/opensslconf.h.in

+ *

+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

+ *

+ * Licensed under the OpenSSL license (the "License").  You may not use

+ * this file except in compliance with the License.  You can obtain a copy

+ * in the file LICENSE in the source distribution or at

+ * https://www.openssl.org/source/license.html

+ */

+

+#include <openssl/opensslv.h>

+

+#ifdef  __cplusplus

+extern "C" {

+#endif

+

+#ifdef OPENSSL_ALGORITHM_DEFINES

+# error OPENSSL_ALGORITHM_DEFINES no longer supported

+#endif

+

+/*

+ * OpenSSL was configured with the following options:

+ */

+

 #ifndef OPENSSL_SYS_UEFI
 # define OPENSSL_SYS_UEFI 1
 #endif
@@ -55,9 +55,6 @@ extern "C" {
 #ifndef OPENSSL_NO_DSA
 # define OPENSSL_NO_DSA
 #endif
-#ifndef OPENSSL_NO_EC
-# define OPENSSL_NO_EC
-#endif
 #ifndef OPENSSL_NO_IDEA
 # define OPENSSL_NO_IDEA
 #endif
@@ -88,9 +85,6 @@ extern "C" {
 #ifndef OPENSSL_NO_SEED
 # define OPENSSL_NO_SEED
 #endif
-#ifndef OPENSSL_NO_SM2
-# define OPENSSL_NO_SM2
-#endif
 #ifndef OPENSSL_NO_SRP
 # define OPENSSL_NO_SRP
 #endif
@@ -157,12 +151,6 @@ extern "C" {
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
 # define OPENSSL_NO_EC_NISTP_64_GCC_128
 #endif
-#ifndef OPENSSL_NO_ECDH
-# define OPENSSL_NO_ECDH
-#endif
-#ifndef OPENSSL_NO_ECDSA
-# define OPENSSL_NO_ECDSA
-#endif
 #ifndef OPENSSL_NO_EGD
 # define OPENSSL_NO_EGD
 #endif
@@ -229,9 +217,6 @@ extern "C" {
 #ifndef OPENSSL_NO_TESTS
 # define OPENSSL_NO_TESTS
 #endif
-#ifndef OPENSSL_NO_TLS1_3
-# define OPENSSL_NO_TLS1_3
-#endif
 #ifndef OPENSSL_NO_UBSAN
 # define OPENSSL_NO_UBSAN
 #endif
@@ -247,100 +232,100 @@ extern "C" {
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 # define OPENSSL_NO_DYNAMIC_ENGINE
 #endif
-
-
-/*
- * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
- * don't like that.  This will hopefully silence them.
- */
-#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
-
-/*
- * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
- * declarations of functions deprecated in or before <version>. Otherwise, they
- * still won't see them if the library has been built to disable deprecated
- * functions.
- */
-#ifndef DECLARE_DEPRECATED
-# define DECLARE_DEPRECATED(f)   f;
-# ifdef __GNUC__
-#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
-#   undef DECLARE_DEPRECATED
-#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
-#  endif
-# endif
-#endif
-
-#ifndef OPENSSL_FILE
-# ifdef OPENSSL_NO_FILENAMES
-#  define OPENSSL_FILE ""
-#  define OPENSSL_LINE 0
-# else
-#  define OPENSSL_FILE __FILE__
-#  define OPENSSL_LINE __LINE__
-# endif
-#endif
-
-#ifndef OPENSSL_MIN_API
-# define OPENSSL_MIN_API 0
-#endif
-
-#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
-# undef OPENSSL_API_COMPAT
-# define OPENSSL_API_COMPAT OPENSSL_MIN_API
-#endif
-
-/*
- * Do not deprecate things to be deprecated in version 1.2.0 before the
- * OpenSSL version number matches.
- */
-#if OPENSSL_VERSION_NUMBER < 0x10200000L
-# define DEPRECATEDIN_1_2_0(f)   f;
-#elif OPENSSL_API_COMPAT < 0x10200000L
-# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_2_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x10100000L
-# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_1_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x10000000L
-# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_0_0(f)
-#endif
-
-#if OPENSSL_API_COMPAT < 0x00908000L
-# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_0_9_8(f)
-#endif
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/*
- * The following are cipher-specific, but are part of the public API.
- */
-#if !defined(OPENSSL_SYS_UEFI)
-# undef BN_LLONG
-/* Only one for the following should be defined */
-# undef SIXTY_FOUR_BIT_LONG
-# undef SIXTY_FOUR_BIT
-# define THIRTY_TWO_BIT
-#endif
-
-#define RC4_INT unsigned int
-
-#ifdef  __cplusplus
-}
-#endif
+

+

+/*

+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers

+ * don't like that.  This will hopefully silence them.

+ */

+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;

+

+/*

+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the

+ * declarations of functions deprecated in or before <version>. Otherwise, they

+ * still won't see them if the library has been built to disable deprecated

+ * functions.

+ */

+#ifndef DECLARE_DEPRECATED

+# define DECLARE_DEPRECATED(f)   f;

+# ifdef __GNUC__

+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)

+#   undef DECLARE_DEPRECATED

+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));

+#  endif

+# endif

+#endif

+

+#ifndef OPENSSL_FILE

+# ifdef OPENSSL_NO_FILENAMES

+#  define OPENSSL_FILE ""

+#  define OPENSSL_LINE 0

+# else

+#  define OPENSSL_FILE __FILE__

+#  define OPENSSL_LINE __LINE__

+# endif

+#endif

+

+#ifndef OPENSSL_MIN_API

+# define OPENSSL_MIN_API 0

+#endif

+

+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API

+# undef OPENSSL_API_COMPAT

+# define OPENSSL_API_COMPAT OPENSSL_MIN_API

+#endif

+

+/*

+ * Do not deprecate things to be deprecated in version 1.2.0 before the

+ * OpenSSL version number matches.

+ */

+#if OPENSSL_VERSION_NUMBER < 0x10200000L

+# define DEPRECATEDIN_1_2_0(f)   f;

+#elif OPENSSL_API_COMPAT < 0x10200000L

+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)

+#else

+# define DEPRECATEDIN_1_2_0(f)

+#endif

+

+#if OPENSSL_API_COMPAT < 0x10100000L

+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)

+#else

+# define DEPRECATEDIN_1_1_0(f)

+#endif

+

+#if OPENSSL_API_COMPAT < 0x10000000L

+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)

+#else

+# define DEPRECATEDIN_1_0_0(f)

+#endif

+

+#if OPENSSL_API_COMPAT < 0x00908000L

+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)

+#else

+# define DEPRECATEDIN_0_9_8(f)

+#endif

+

+/* Generate 80386 code? */

+#undef I386_ONLY

+

+#undef OPENSSL_UNISTD

+#define OPENSSL_UNISTD <unistd.h>

+

+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION

+

+/*

+ * The following are cipher-specific, but are part of the public API.

+ */

+#if !defined(OPENSSL_SYS_UEFI)

+# undef BN_LLONG

+/* Only one for the following should be defined */

+# undef SIXTY_FOUR_BIT_LONG

+# undef SIXTY_FOUR_BIT

+# define THIRTY_TWO_BIT

+#endif

+

+#define RC4_INT unsigned int

+

+#ifdef  __cplusplus

+}

+#endif

diff --git CryptoPkg/Library/OpensslLib/OpensslLib.inf CryptoPkg/Library/OpensslLib/OpensslLib.inf
index cc27b8c57c..4ac9d6f53c 100644
--- CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -199,6 +199,43 @@
   $(OPENSSL_PATH)/crypto/dso/dso_vms.c
   $(OPENSSL_PATH)/crypto/dso/dso_win32.c
   $(OPENSSL_PATH)/crypto/ebcdic.c
+  $(OPENSSL_PATH)/crypto/ec/curve25519.c
+  $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+  $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+  $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+  $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+  $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+  $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+  $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+  $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+  $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+  $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+  $(OPENSSL_PATH)/crypto/ec/ec_check.c
+  $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+  $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+  $(OPENSSL_PATH)/crypto/ec/ec_err.c
+  $(OPENSSL_PATH)/crypto/ec/ec_key.c
+  $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+  $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+  $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+  $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+  $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+  $(OPENSSL_PATH)/crypto/ec/ec_print.c
+  $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+  $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+  $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+  $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+  $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+  $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+  $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
   $(OPENSSL_PATH)/crypto/err/err.c
   $(OPENSSL_PATH)/crypto/err/err_prn.c
   $(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -384,6 +421,10 @@
   $(OPENSSL_PATH)/crypto/siphash/siphash.c
   $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
   $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
+  $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+  $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+  $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+  $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
   $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
   $(OPENSSL_PATH)/crypto/sm3/sm3.c
   $(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -496,6 +537,15 @@
   $(OPENSSL_PATH)/crypto/conf/conf_local.h
   $(OPENSSL_PATH)/crypto/dh/dh_local.h
   $(OPENSSL_PATH)/crypto/dso/dso_local.h
+  $(OPENSSL_PATH)/crypto/ec/ec_local.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
   $(OPENSSL_PATH)/crypto/evp/evp_local.h
   $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
   $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
diff --git CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 616ccd9f62..c88514efd0 100644
--- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -199,6 +199,43 @@
   $(OPENSSL_PATH)/crypto/dso/dso_vms.c
   $(OPENSSL_PATH)/crypto/dso/dso_win32.c
   $(OPENSSL_PATH)/crypto/ebcdic.c
+  $(OPENSSL_PATH)/crypto/ec/curve25519.c
+  $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.c
+  $(OPENSSL_PATH)/crypto/ec/curve448/curve448.c
+  $(OPENSSL_PATH)/crypto/ec/curve448/curve448_tables.c
+  $(OPENSSL_PATH)/crypto/ec/curve448/eddsa.c
+  $(OPENSSL_PATH)/crypto/ec/curve448/f_generic.c
+  $(OPENSSL_PATH)/crypto/ec/curve448/scalar.c
+  $(OPENSSL_PATH)/crypto/ec/ec2_oct.c
+  $(OPENSSL_PATH)/crypto/ec/ec2_smpl.c
+  $(OPENSSL_PATH)/crypto/ec/ec_ameth.c
+  $(OPENSSL_PATH)/crypto/ec/ec_asn1.c
+  $(OPENSSL_PATH)/crypto/ec/ec_check.c
+  $(OPENSSL_PATH)/crypto/ec/ec_curve.c
+  $(OPENSSL_PATH)/crypto/ec/ec_cvt.c
+  $(OPENSSL_PATH)/crypto/ec/ec_err.c
+  $(OPENSSL_PATH)/crypto/ec/ec_key.c
+  $(OPENSSL_PATH)/crypto/ec/ec_kmeth.c
+  $(OPENSSL_PATH)/crypto/ec/ec_lib.c
+  $(OPENSSL_PATH)/crypto/ec/ec_mult.c
+  $(OPENSSL_PATH)/crypto/ec/ec_oct.c
+  $(OPENSSL_PATH)/crypto/ec/ec_pmeth.c
+  $(OPENSSL_PATH)/crypto/ec/ec_print.c
+  $(OPENSSL_PATH)/crypto/ec/ecdh_kdf.c
+  $(OPENSSL_PATH)/crypto/ec/ecdh_ossl.c
+  $(OPENSSL_PATH)/crypto/ec/ecdsa_ossl.c
+  $(OPENSSL_PATH)/crypto/ec/ecdsa_sign.c
+  $(OPENSSL_PATH)/crypto/ec/ecdsa_vrf.c
+  $(OPENSSL_PATH)/crypto/ec/eck_prn.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_mont.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_nist.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_nistp224.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_nistp256.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_nistp521.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_nistputil.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_oct.c
+  $(OPENSSL_PATH)/crypto/ec/ecp_smpl.c
+  $(OPENSSL_PATH)/crypto/ec/ecx_meth.c
   $(OPENSSL_PATH)/crypto/err/err.c
   $(OPENSSL_PATH)/crypto/err/err_prn.c
   $(OPENSSL_PATH)/crypto/evp/bio_b64.c
@@ -384,6 +421,10 @@
   $(OPENSSL_PATH)/crypto/siphash/siphash.c
   $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
   $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
+  $(OPENSSL_PATH)/crypto/sm2/sm2_crypt.c
+  $(OPENSSL_PATH)/crypto/sm2/sm2_err.c
+  $(OPENSSL_PATH)/crypto/sm2/sm2_pmeth.c
+  $(OPENSSL_PATH)/crypto/sm2/sm2_sign.c
   $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
   $(OPENSSL_PATH)/crypto/sm3/sm3.c
   $(OPENSSL_PATH)/crypto/sm4/sm4.c
@@ -496,6 +537,15 @@
   $(OPENSSL_PATH)/crypto/conf/conf_local.h
   $(OPENSSL_PATH)/crypto/dh/dh_local.h
   $(OPENSSL_PATH)/crypto/dso/dso_local.h
+  $(OPENSSL_PATH)/crypto/ec/ec_local.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/curve448_local.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/curve448utils.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/ed448.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/field.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/point_448.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/word.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/arch_intrinsics.h
+  $(OPENSSL_PATH)/crypto/ec/curve448/arch_32/f_impl.h
   $(OPENSSL_PATH)/crypto/evp/evp_local.h
   $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
   $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
diff --git CryptoPkg/Library/OpensslLib/openssl CryptoPkg/Library/OpensslLib/openssl
--- CryptoPkg/Library/OpensslLib/openssl
+++ CryptoPkg/Library/OpensslLib/openssl
@@ -1 +1 @@
-Subproject commit e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72
+Subproject commit e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72-dirty
diff --git CryptoPkg/Library/OpensslLib/process_files.pl CryptoPkg/Library/OpensslLib/process_files.pl
index 57ce195394..baf7ba2881 100755
--- CryptoPkg/Library/OpensslLib/process_files.pl
+++ CryptoPkg/Library/OpensslLib/process_files.pl
@@ -9,6 +9,13 @@
 # do not need to do this, since the results are stored in the EDK2
 # git repository for them.
 #
+# (C) Copyright 2019-2020 Hewlett Packard Enterprise Development LP<BR>
+# This software contains information confidential and proprietary to
+# Hewlett Packard Enterprise. It shall not be reproduced in whole or in part,
+# or transferred to other documents, or disclosed to third parties, or used
+# for any purpose other than that for which it was obtained without the prior
+# written consent of Hewlett Packard Enterprise.
+#
 use strict;
 use Cwd;
 use File::Copy;
@@ -66,7 +73,9 @@ BEGIN {
                 "no-dgram",
                 "no-dsa",
                 "no-dynamic-engine",
-                "no-ec",
+                #*HP_ISS: StartRemove
+                #"no-ec",
+                #*HP_ISS: EndRemove
                 "no-ec2m",
                 "no-engine",
                 "no-err",
diff --git CryptoPkg/Library/TlsLib/TlsConfig.c CryptoPkg/Library/TlsLib/TlsConfig.c
index 307eb57896..26aea4571e 100644
--- CryptoPkg/Library/TlsLib/TlsConfig.c
+++ CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -5,6 +5,13 @@ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
+(C) Copyright 2016-2020 Hewlett Packard Enterprise Development LP<BR>
+This software contains information confidential and proprietary to
+Hewlett Packard Enterprise. It shall not be reproduced in whole or in part,
+or transferred to other documents, or disclosed to third parties, or used
+for any purpose other than that for which it was obtained without the prior
+written consent of Hewlett Packard Enterprise.
+
 **/
 
 #include "InternalTlsLib.h"
@@ -62,6 +69,16 @@ STATIC CONST TLS_CIPHER_MAPPING TlsCipherMappingTable[] = {
   MAP ( 0x0068, "DH-DSS-AES256-SHA256" ),           /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256
   MAP ( 0x0069, "DH-RSA-AES256-SHA256" ),           /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256
   MAP ( 0x006B, "DHE-RSA-AES256-SHA256" ),          /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+//*HP_ISS_TLS_HPE_CIPHER_ADD: START
+  //
+  // TLS1.3 cipher suites (https://tools.ietf.org/html/rfc8446 pg.133)
+  //
+  MAP ( 0x1301, "TLS_AES_128_GCM_SHA256"      ),    /// TLS_AES_128_GCM_SHA256
+  MAP ( 0x1302, "TLS_AES_256_GCM_SHA384"      ),    /// TLS_AES_256_GCM_SHA384
+  MAP ( 0x1303, "TLS_CHACHA20_POLY1305_SHA256"),    /// TLS_CHACHA20_POLY1305_SHA256
+  MAP ( 0x1304, "TLS_AES_128_CCM_SHA256"      ),    /// TLS_AES_128_CCM_SHA256
+  MAP ( 0x1305, "TLS_AES_128_CCM_8_SHA256"    ),    /// TLS_AES_128_CCM_8_SHA256
+//*HP_ISS_TLS_HPE_CIPHER_ADD: END
 };
 
 /**
@@ -169,6 +186,17 @@ TlsSetVersion (
     SSL_set_min_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
     SSL_set_max_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
     break;
+
+  //*HP_ISS_TLS1.3: Start
+  case TLS1_3_VERSION:
+    //
+    // TLS 1.3
+    //
+    SSL_set_min_proto_version (TlsConn->Ssl, TLS1_3_VERSION);
+    SSL_set_max_proto_version (TlsConn->Ssl, TLS1_3_VERSION);
+    break;
+  //*HP_ISS_TLS1.3: End
+
   default:
     //
     // Unsupported Protocol Version
@@ -259,6 +287,10 @@ TlsSetCipherList (
   CONST TLS_CIPHER_MAPPING *Mapping;
   CHAR8                    *CipherString;
   CHAR8                    *CipherStringPosition;
+  //*HP_ISS_TLS1.3: Start
+  INT32                    Tls12Status;
+  INT32                    Tls13Status;
+  //*HP_ISS_TLS1.3: End
 
   TlsConn = (TLS_CONNECTION *) Tls;
   if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
@@ -400,13 +432,18 @@ TlsSetCipherList (
     ASSERT (CipherStringPosition == CipherString + CipherStringSize);
   );
 
+  //*HP_ISS_TLS1.3: Start
   //
   // Sets the ciphers for use by the Tls object.
+  // TLS1.3 and 1.2 don't share the same cihper set API
   //
-  if (SSL_set_cipher_list (TlsConn->Ssl, CipherString) <= 0) {
+  Tls13Status = SSL_set_cipher_list (TlsConn->Ssl, CipherString);
+  Tls12Status = SSL_set_ciphersuites (TlsConn->Ssl, CipherString);
+  if (Tls12Status <= 0 && Tls13Status <= 0) {
     Status = EFI_UNSUPPORTED;
     goto FreeCipherString;
   }
+  //*HP_ISS_TLS1.3: End
 
   Status = EFI_SUCCESS;
 
diff --git NetworkPkg/HttpDxe/HttpsSupport.c NetworkPkg/HttpDxe/HttpsSupport.c
index 7e0bf85c3c..cf66dc44ef 100644
--- NetworkPkg/HttpDxe/HttpsSupport.c
+++ NetworkPkg/HttpDxe/HttpsSupport.c
@@ -5,6 +5,13 @@ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
+(C) Copyright 2016-2020 Hewlett Packard Enterprise Development LP<BR>
+This software contains information confidential and proprietary to
+Hewlett Packard Enterprise. It shall not be reproduced in whole or in part,
+or transferred to other documents, or disclosed to third parties, or used
+for any purpose other than that for which it was obtained without the prior
+written consent of Hewlett Packard Enterprise.
+
 **/
 
 #include "HttpDriver.h"
@@ -1049,7 +1056,9 @@ TlsReceiveOnePdu (
     (RecordHeader.Version.Major == 0x03) && /// Major versions are same.
     (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
     RecordHeader.Version.Minor ==TLS11_PROTOCOL_VERSION_MINOR ||
-    RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
+    //*HP_ISS_TLS1.3 RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
+    RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR || //*HP_ISS_TLS1.3
+    RecordHeader.Version.Minor == TLS13_PROTOCOL_VERSION_MINOR)   //*HP_ISS_TLS1.3
    ) {
     InsertTailList (NbufList, &PduHdr->List);
   } else {
@@ -1667,7 +1676,9 @@ HttpsReceive (
     (RecordHeader.Version.Major == 0x03) &&
     (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
     RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||
-    RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
+    //*HP_ISS_TLS1.3 RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
+    RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR || //*HP_ISS_TLS1.3
+    RecordHeader.Version.Minor == TLS13_PROTOCOL_VERSION_MINOR)   //*HP_ISS_TLS1.3
   ) {
     //
     // Decrypt Packet.
@@ -1773,7 +1784,9 @@ HttpsReceive (
     (RecordHeader.Version.Major == 0x03) &&
     (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
     RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||
-    RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
+    //*HP_ISS_TLS1.3 RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
+    RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR || //*HP_ISS_TLS1.3
+    RecordHeader.Version.Minor == TLS13_PROTOCOL_VERSION_MINOR)   //*HP_ISS_TLS1.3
     ) {
     BufferOutSize = DEF_BUF_LEN;
     BufferOut = AllocateZeroPool (BufferOutSize);