sanity and fixes
from CHANGES:
- API: dropped 'perfect' from forward secrecy in Config.Ciphers:
  fs instead of pfs, fs_of instead of pfs_of
- API: type epoch_data moved from Engine to Core
- removed Cstruct_s now that cstruct (since 1.6.0) provides
  s-expression marshalling
- require at least 1024 bit DH group, use FFDHE 2048 bit DH group
  by default instead of oakley2 (logjam)
- more specific alerts:
  - UNRECOGNIZED_NAME: if hostname in SNI does not match
  - UNSUPPORTED_EXTENSION: if server hello has an extension not present in
    client hello
  - ILLEGAL_PARAMETER: if a parse error occurred
- encrypt outgoing alerts
- fix off-by-one in handling empty TLS records: if a record is less than 5
  bytes, treat as a fragment. exactly 5 bytes might already be a valid
  application data frame
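
The off-by-one in the last item, shown as an added Python example that is not the library's own code: a record splitter that treats fewer than 5 buffered bytes as a fragment, next to the variant that also holds back exactly 5 bytes. The names split_records and pre_fix and the sample bytes are assumptions made for this illustration.

```python
import struct

HEADER_LEN = 5                   # content type (1) + version (2) + length (2)
MAX_FRAGMENT = (1 << 14) + 2048  # TLS 1.2 TLSCiphertext length limit
APPLICATION_DATA = 23

def split_records(buf, pre_fix=False):
    """Split buffered bytes into complete records.

    Returns (records, leftover); each record is (type, (major, minor), payload).
    pre_fix=True reproduces the off-by-one (hypothetical flag, for comparison).
    """
    records = []
    while True:
        # Fewer than 5 bytes cannot hold a header: keep them as a fragment.
        # The off-by-one variant also holds back exactly 5 bytes.
        too_short = len(buf) <= HEADER_LEN if pre_fix else len(buf) < HEADER_LEN
        if too_short:
            return records, buf
        ctype, major, minor, length = struct.unpack("!BBBH", buf[:HEADER_LEN])
        if length > MAX_FRAGMENT:
            raise ValueError("record length exceeds TLS limit")
        end = HEADER_LEN + length
        if len(buf) < end:
            return records, buf      # header complete, payload still arriving
        records.append((ctype, (major, minor), buf[HEADER_LEN:end]))
        buf = buf[end:]

# Constructed sample input: an application-data record carrying "hi",
# followed by a zero-length application-data record (header only).
EMPTY = bytes([APPLICATION_DATA, 3, 3, 0, 0])
STREAM = bytes([APPLICATION_DATA, 3, 3, 0, 2]) + b"hi" + EMPTY

if __name__ == "__main__":
    print("fixed:  ", split_records(STREAM))
    print("pre-fix:", split_records(STREAM, pre_fix=True))
    print("partial:", split_records(EMPTY[:4]))
```

With the off-by-one, the trailing header-only record stays in the leftover buffer until more bytes arrive, so it is never delivered if it is the last thing the peer sends.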