Disabling support of explicit curves in OpenSSL via compilation options
Using explicit elliptic curves is discouraged for security reasons and is disabled in RHEL-based distributions via a patch.
I think it would be better to have a configure option for this purpose.
https://github.com/openssl/openssl/pull/29639 is an implementation based on https://github.com/beldmit/openssl/commit/6a2b78bca595435fcbf72d7b2c8bec004d555016
Add a configure option to disable support of explicit elliptic curves
poll by Dmitry Belyavsky Closed Mon 19 Jan 2026 7:00AM
Choose the option(s) you favor.
Results
| Option | % of points | Voters |
|---|---|---|
| Yes, in 4.0 | 93 | 14 |
| Yes, after 4.0 | 7 | 1 |
| No | 0 | 0 |
| Undecided | | 13 |
15 of 28 votes cast (53% participation)
Dmitry Belyavsky Tue 13 Jan 2026 7:55AM
If necessary, I'm volunteering to adapt the RHEL patch for this purpose.
Shane Lontis Tue 13 Jan 2026 7:55AM
Being able to remove it would be good for security purposes. Whether it makes it to 4.0 or not it probably should be done.
Tomas Mraz Tue 13 Jan 2026 7:55AM
I think there is still some time to get things into 4.0 and this is not a particularly complicated change. The question is whether explicit curve support should be disabled by default or not. If it makes it into 4.0, it could be disabled by default actually.
Norbert Pócs Tue 13 Jan 2026 7:55AM
Sounds good to me and the change doesn't sound that difficult for 4.0.
Neil Horman Tue 13 Jan 2026 7:55AM
I'm not opposed to adding such a configuration feature, but I think it's a little late in the 4.0 development cycle to be adding it.
Tim Hudson Tue 13 Jan 2026 7:55AM
At least this as an option, but would prefer it on by default (i.e. explicit curves disabled by default).
Dmitry Belyavsky · Wed 14 Jan 2026 8:11PM
@Neil Horman I have just pushed the changes
https://github.com/openssl/openssl/pull/29639