
Can we reject FFDHE for TLS?

Right now, a well-behaved client should never actually negotiate an FFDHE group; everybody should have ECDHE or hybrid ECDHE+MLKEM. But relays still support FFDHE for fear that they will break somebody.

Can we remove FFDHE support entirely?
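
An added example, not part of the original issue and not the project's code: one way to check from the relay side whether any client would break is to classify the `supported_groups` list of each observed ClientHello. It assumes TLS 1.3 style group negotiation; the `RELAY_KEEPS` set, the function names and the sample inputs are assumptions made for illustration.

```python
import struct
from collections import Counter

# IANA "TLS Supported Groups" code points for the RFC 7919 FFDHE groups.
FFDHE = {0x0100: "ffdhe2048", 0x0101: "ffdhe3072", 0x0102: "ffdhe4096",
         0x0103: "ffdhe6144", 0x0104: "ffdhe8192"}

# Assumption: groups the relay would still accept once FFDHE is removed
# (secp256r1, x25519, X25519MLKEM768).
RELAY_KEEPS = {0x0017, 0x001D, 0x11EC}


def is_grease(group: int) -> bool:
    """RFC 8701 placeholder values (0x0A0A, 0x1A1A, ...) carry no meaning."""
    return (group & 0x0F0F) == 0x0A0A and (group >> 8) == (group & 0xFF)


def parse_supported_groups(body: bytes) -> list[int]:
    """Decode supported_groups extension_data: u16 length, then u16 groups."""
    if len(body) < 4:
        raise ValueError("truncated supported_groups")
    (size,) = struct.unpack_from("!H", body, 0)
    if size != len(body) - 2 or size % 2:
        raise ValueError("malformed named_group_list")
    return list(struct.unpack_from(f"!{size // 2}H", body, 2))


def classify(body: bytes, keeps: set[int] = RELAY_KEEPS) -> str:
    groups = [g for g in parse_supported_groups(body) if not is_grease(g)]
    if any(g in keeps for g in groups):
        return "unaffected"
    if any(g in FFDHE for g in groups):
        return "needs-ffdhe"       # this client is the "somebody" that breaks
    return "no-common-group"       # nothing shared, with or without FFDHE


def encode(groups: list[int]) -> bytes:
    """Build an extension body for the constructed samples below."""
    return struct.pack(f"!H{len(groups)}H", 2 * len(groups), *groups)


# Constructed sample ClientHello group lists, not captured traffic.
SAMPLES = [encode([0x11EC, 0x001D, 0x0017]), encode([0x0A0A, 0x001D, 0x0100]),
           encode([0x0100, 0x0101]), encode([0x001E])]


def tally(bodies: list[bytes]) -> Counter:
    """Count how many observed clients fall into each category."""
    return Counter(classify(b) for b in bodies)
```

A `needs-ffdhe` count that stays at zero over a representative observation window is the evidence the question above is asking for.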
