Feature: Optional SSL CTX ciphersuite selection

[Burnett01]

This PR introduces a feature for the new SSL http_backend.

Currently, the ssl_context inits OpenSSL with OpenSSL_add_ssl_algorithms #L25.

This is okay for non-production or internal environments but should be avoided in production,
mainly due to the lax ciphersuite selection performed by OpenSSL.

As stated in the official OpenSSL docs:

WARNING
SSL_library_init() adds ciphers and digests used directly and indirectly by SSL/TLS. ...Source...

OpenSSL_add_ssl_algorithms is a synonym for SSL_library_init().

In order to allow developers to select a ciphersuite of their choice, SSL_CTX_set_cipher_list should be used.

This PR makes use of that function and (optionally) enables it by starting http_serve with the new s::ssl_ciphers symbol.

Example:

http_serve(api, 443, s::ssl_key = "./server.key", s::ssl_certificate = "./server.crt", s::ssl_ciphers = "ALL:!NULL");

To keep backward-compatibility and more freedom, this option is optional, and the http_serve signature can
remain as is:

http_serve(api, 443, s::ssl_key = "./server.key", s::ssl_certificate = "./server.crt");

An empty ciphersuite string will fallback to the default behaviour, that is skipping SSL_CTX_set_cipher_list.

Example:

http_serve(api, 443, s::ssl_key = "./server.key", s::ssl_certificate = "./server.crt", s::ssl_ciphers = "");

is the same as

http_serve(api, 443, s::ssl_key = "./server.key", s::ssl_certificate = "./server.crt");

---

Compiled and tested with CLang 9 (LLVM 9) @ Ubuntu 18.04.4 LTS (bionic beaver)

---

I hope I was able to get the idea across.

Feel free to change, approve or dismiss this PR.

Great library and best regards,
Steve

[matt-42]

Thanks @Burnett01 . Looks good to me. I'm merging it.