ATS supports only P-256 as supported groups

[masaori335]

While I'm working #3604, I noticed that ATS always use P-256 as supported groups with OpenSSL v1.1.1. This leads extra round trip with Hello Retry Request, when client select other group as initial key_share. (e.g. OpenSSL use X25519 in default )
ATS should support two groups at least as advised in Using TLS1.3 With OpenSSL

In practice most clients will use X25519 or P-256 for their initial key_share. For maximum performance it is recommended that servers are configured to support at least those two groups and clients use one of those two for its initial key_share. This is the default case (OpenSSL clients will use X25519).

[masaori335]

It looks like ssl_enable_ecdh() is forcing P-256.

trafficserver/iocore/net/SSLUtils.cc

Lines 590 to 608 in bd7741f

	static SSL_CTX *
	ssl_context_enable_ecdh(SSL_CTX *ctx)
	{
	#if TS_USE_TLS_ECKEY
	#if defined(SSL_CTRL_SET_ECDH_AUTO)
	SSL_CTX_set_ecdh_auto(ctx, 1);
	#elif defined(HAVE_EC_KEY_NEW_BY_CURVE_NAME) && defined(NID_X9_62_prime256v1)
	EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
	if (ecdh) {
	SSL_CTX_set_tmp_ecdh(ctx, ecdh);
	EC_KEY_free(ecdh);
	}
	#endif
	#endif
	return ctx;
	}

[masaori335]

SSL_CTX_set_ecdh_auto() is removed by OpenSSL v1.1.0. and it made ATS to go to line 598.
From the change log - https://www.openssl.org/news/changelog.html#x10

*) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH is support is
always enabled now. If you want to disable the support you should
exclude it using the list of supported ciphers. This also means that the
"-no_ecdhe" option has been removed from s_server.