### Description I am connecting two kamailio (5.4.5) using TLS with client cert verification. When one side is OpenSSL 1.1.1 (CentOS 8) + P-256 cert and the other side is OpenSSL 1.0.2 (CentOS 7) + P-521 cert *and* `cipher_list` is set(e.g., `DEFAULT`), the ClientHello fails because the only supported curve sent is P-256 (server has P-521).

### Troubleshooting

1. If `cipher_list` is *not* set at all in `[client:defaut]`l, then the ClientHello sends 4 supported EC groups and the handshake succeeds. 2 . If `cipher_list` is set in `[client:defaut]` (e.g. `DEFAULT` or `ANY`) then the ClientHello sends only 1 supported EC group P-256 (I guess because the client is using a P-256 cert), then the handshake will fail.

#### Reproduction

1. Connect two kamailos one on CentOS 8 sending SIP to one on CentOS 7, enable TLS, with client cert verification. Put a P-256 cert on CentOS 8 and a P-521 cert on CentOS 7.

#### Debugging Data

1. `cipher_list` is not set: TLS ClientHello Supported Groups is 4 groups: secp256r1 secp521r1 secp384r1 secp256k1 2. `cipher_list` is set to `DEFAULT`: TLS ClientHello Supported Groups is 1 group: secp256r1.

#### Log Messages

``` ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher ```

#### SIP Traffic NA - couldn't complete TLS handshake so no SIP was transferred.

### Possible Solutions

1. Don't set cipher_list at all; the moment you set cipher_list to anything(`ANY`, `DEFAULT` etc), the ClientHello will narrow the supported groups to P-256 and the server will reject.

I have a thought: does `setup_ecdh()` in `tls_domain.c` behave differently on OpenSSL 1.1.1? Maybe it is forcing the handshake to send only the curve of the client.

### Additional Information

1. kamailio version is 5.4.5 2. Must be OpenSSL 1.1.1 to OpenSSL 1.0.2. BTW in the reverse direction P-521 CentOS 7 to P-256 CentOS 8 doesn't encounter this issue.