Since we didn't have any regular builds against
OpenSSL 3.0 so far we didn't notice that it was
broken by commit 291e675748
(Move SSL context from OpenSSL Context to OpenSSL Config)
Since context is now part of config, we need to use
separate configs.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
OpenSSL 1.1+ by default only allows signatures and key exchange from the
default list of X25519:secp256r1:X448:secp521r1:secp384r1. Since in
TLS1.3 key exchange is independent from the signature/key of the
certificates, allowing all groups per default is not a sensible choice
anymore and the shorter lister is reasonable.
However, when using certificates with exotic curves the signatures of
this certificates will no longer be accepted. This option allows to
modify the list for these corner cases.
Signed-off-by: Arne Schwabe <arne@openvpn.net>