Disabling explicit curves in OpenSSL 4.0 by default
Looks like the outcome of the poll https://openssl-communities.org/d/YefVGWxZ/disabling-support-of-explicit-curves-in-openssl-via-compilation-options is pretty clear.
The PR https://github.com/openssl/openssl/pull/29639 is basically ready and the only remaining question is whether we should disable the support of explicit EC curves by default or not.
Dmitry Belyavsky · Sat 17 Jan 2026 9:24AM
@Viktor Dukhovni I mean that enabling these curves should either be managed as part of the `ssl-enable-weak-cipher` configuration option, or have a separate compile option like `ssl-enable-weak-params`.
The explicit curves may or may not be insecure; the problem with them is that they may by accident break assumptions we have in our EC library. The introduced changes close a significant attack vector - getting parameters from the attacker-controlled ASN.1 objects.
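An added defensive check, not code from the thread or from OpenSSL, that classifies how a DER SubjectPublicKeyInfo encodes its EC parameters, so an object carrying explicit ECParameters can be rejected before it reaches the EC library. The two sample keys are constructed inline; their public points are dummy bytes, which is enough to exercise the encoding check.

```python
"""Classify the curve-parameter encoding of a DER SubjectPublicKeyInfo."""
from typing import Tuple

ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # OID 1.2.840.10045.2.1
PRIME256V1 = bytes.fromhex("2a8648ce3d030107")      # OID 1.2.840.10045.3.1.7


def der(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV encoder (supports lengths below 2**16)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one TLV at pos; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        pos += 2 + nbytes
    return tag, buf[pos:pos + length], pos + length


def ec_parameter_kind(spki: bytes) -> str:
    """Return 'named', 'explicit', 'implicit', 'unknown' or 'not-ec'."""
    tag, seq, _ = read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("SPKI must be a SEQUENCE")
    _, algid, _ = read_tlv(seq, 0)              # AlgorithmIdentifier
    oid_tag, oid, pos = read_tlv(algid, 0)      # algorithm OID
    if oid_tag != 0x06 or oid != ID_EC_PUBLIC_KEY:
        return "not-ec"
    if pos >= len(algid):                       # parameters absent
        return "implicit"
    ptag, _, _ = read_tlv(algid, pos)           # ECParameters CHOICE
    # namedCurve is an OID, specifiedCurve a SEQUENCE, implicitlyCA a NULL
    return {0x06: "named", 0x30: "explicit", 0x05: "implicit"}.get(ptag, "unknown")


# Constructed samples: dummy uncompressed point, only the encoding matters here.
POINT = der(0x03, b"\x00\x04" + b"\x11" * 64)
NAMED_SPKI = der(0x30, der(0x30, der(0x06, ID_EC_PUBLIC_KEY) + der(0x06, PRIME256V1)) + POINT)
# A specifiedCurve SEQUENCE { version INTEGER 1, fieldID SEQUENCE, ... }; only its outer tag is inspected.
EXPLICIT_PARAMS = der(0x30, der(0x02, b"\x01") + der(0x30, b""))
EXPLICIT_SPKI = der(0x30, der(0x30, der(0x06, ID_EC_PUBLIC_KEY) + EXPLICIT_PARAMS) + POINT)
```

A caller that only wants to accept named curves would refuse anything other than "named" before passing the DER to the crypto library.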
Dmitry Belyavsky · Sat 17 Jan 2026 1:04PM
@Viktor Dukhovni let's try:
https://github.com/openssl/openssl/pull/29658
Viktor Dukhovni · Sat 17 Jan 2026 2:36AM
Well, if we're flushing out obsolete/insecure curves, doing the TLS cleanup also makes sense to me. I don't think we should worry about who does or does not have "capacity" to make the change.
What do you mean by a "separate define"? Perhaps you mean a separate topic to be voted on?
Does it need a vote?