Choose a safer value for SSL_OP_ALLOW_NO_DHE_KEX

/* Typedef for verification callback */

typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);

/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */

# define SSL_OP_ALLOW_NO_DHE_KEX                         0x00000001U

/* Allow initial connection to servers that don't support RI */

# define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004U

# define SSL_OP_TLSEXT_PADDING                           0x00000010U

# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040U

/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */

# define SSL_OP_ALLOW_NO_DHE_KEX                         0x00000400U

/*

 * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in

 * OpenSSL 0.9.6d.  Usually (depending on the application protocol) the