OpenSSL Communities

Compile-time disable weak curves in TLS by default in 4.0

Dmitry BelyavskyDmitry Belyavsky Mon 19 Jan 2026 12:02PMPublicSeen by 27

RFC 8422 has deprecated some weak elliptic curves in TLS. We have a compiling option to disable them in openssl. I propose to make these curves disabled in compile time by default in 4.0.

See for more details https://github.com/openssl/openssl/pull/29658

Dmitry Belyavsky

Compile-time disable weak curves in TLS by default in 4.0

poll by Dmitry Belyavsky Closed Thu 22 Jan 2026 12:00PM

Results

ResultsOption% of pointsVoters
Yes1008Angel YankovPedro MonrealKlaus TriendlJames BourneDmitry BelyavskyClemens LangJohn HaxbyMatt Caswell
No00 
Undecided31Tomas MrazAnton ArapovHana Andersen Jon EricsonXin LiJohn BaldwinYi OuyangPierre SchmitzLucas MüllingKurt RoeckxGordon TetlowMartin BolekMatěj CeplAlexander BokovoyTomas VavraRaviTobias HeiderŁukasz 'sil2100' ZemczakTim HudsonKaterina Micova

8 of 39 votes cast (20% participation)