"Cut and paste the options from somewhere" is a questionable practice even when it's not part of a security-critical workflow. And yet I'd venture to say that most people who use OpenSSL do so with commands copy-pasted verbatim from the internet, specifically because of its obtuse complexity.
Set-and-forget still requires you to know what to set.
Set-and-forget still requires you to know what to set.