OpenSSL Communities

Compile-time disable weak curves in TLS by default in 4.0

DB Dmitry Belyavsky Mon 19 Jan 2026 12:02PM Public Seen by 25

RFC 8422 has deprecated some weak elliptic curves in TLS. We have a compiling option to disable them in openssl. I propose to make these curves disabled in compile time by default in 4.0.

See for more details https://github.com/openssl/openssl/pull/29658

DB

Compile-time disable weak curves in TLS by default in 4.0

poll by Dmitry Belyavsky Closed Thu 22 Jan 2026 12:00PM

Results

Results Option % of points Voters
Yes 100 8 KT PM AY JB DB CL JH MC
No 0 0  
Undecided 31 XL JB PS KR LM GT MB MC HA AB TV R TH Z JE TH YO KM AA TM

8 of 39 votes cast (20% participation)