Apparently, I need to spell out "-ciphersuites
TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384" in the openssl
s_client command, or it simply will not work.
After Debian has pretty much migrated to v1.1, we now assume that
OpenSSL is preinstalled system-wide -- it's not experimental anymore.
Currently we assume it's preinstalled in /usr/local.
While the PSK cipher suites do not use any ECDHE/RSA signatures, in the
future someone may change the code. In that case, as a robustness
measure, already set the acceptable signature algorithms now.
Additionally upgrade to OpenSSL v1.1.0e and include the comment to
include X448 once it becomes available for TLS ECDHE (it's not yet,
unfortunately).