For now I think this is still the best option. Support for
negotiation of RFC7919 groups requires OpenSSL 3.0 (not yet
released). These groups are unavailable in OpenSSL 1.0.2.
In OpenSSL 1.1.1 it is possible to select one statically,
but this is not useful, these groups are only useful when