I guess that this requires some input from the wolfssl people. We are too laymen to quickly get into the bottom of why there are mixed algorithm types even though our function calls should already be properly using only ec or rsa.
If you compile with the full toolchain (like I do), you can nicely set curl to depend on openssl.
As explanation, the curl package has not been modified to have variants so that there would be different versions available for imagebuilder. The SSL library selection is just a compile time option, available when compiling from sources.