Not only is it not safe, but it's also 3x slower than DJB's own 256-bit Curve25519:
All the browsers should hurry up and support it already. Also maybe it's time to consider using NaCl, or some other alternative to OpenSSL, which seems hopeless.
Changes between 1.0.1a and 1.0.1b [26 Apr 2012]
- OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and 1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately mean any application compiled against OpenSSL 1.0.0 headers setting SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disabling TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to 0x10000000L. Any application which was previously compiled against OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1 will need to be recompiled as a result.
One would think that someone from the apache project might be well suited for it.
Makes it incredibly simple to get a good idea of how secure your config is and where compatibility problems might arise.