I'm mildy in favor of overriding OpenSSL defaults for now.

However I suggest removing openssl from the standard library to
encourage saner SSL implementations.
IMNSHO, OpenSSL is a disaster.