SSL: better default ciphersuite
| From | Marko Kreen |
|---|---|
| Subject | SSL: better default ciphersuite |
| Date | |
| Msg-id | 20131114231105.GA23669@gmail.com |
| Replies | Re: SSL: better default ciphersuite |
| List | pgsql-hackers |
Attached patch changes the default ciphersuite to HIGH:!aNULL instead of the old DEFAULT:!LOW:!EXP:!MD5:@STRENGTH, where DEFAULT is a shortcut for "ALL:!aNULL:!eNULL".

Main goal is to leave low-level ciphersuite details to OpenSSL guys and give a clear impression to Postgres admins what it is about.

Compared to the old value, the new value will remove all suites with RC4 and SEED from the ciphersuite list. If OpenSSL is compiled with support for SSL2, it will include the following suite: DES-CBC3-MD5, usable only for SSL2 connections.

Tested with OpenSSL 0.9.7 - 1.0.1, using the "openssl ciphers -v ..." command.

Values used
-----------

HIGH
    Contains only secure and well-researched algorithms.

!aNULL
    Needed to disable suites that do not authenticate the server. DEFAULT includes !aNULL by default.

Values not used
---------------

!MD5
    This affects only one suite: DES-CBC3-MD5, which is available only for SSL2 connections. So it would only pollute the default value.

@STRENGTH
    The OpenSSL cipher list is already sorted by humans; it's unlikely that a mechanical sort would improve things. Also the existence of this value in the old list is rather dubious, as server cipher order was never respected anyway.

-- 
marko
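The comparison described in the message, as an added shell example that is not part of the patch or the thread: it expands both cipher strings with the local `openssl ciphers -v`, lists the suites the old default enabled that `HIGH:!aNULL` drops, and checks that the new list contains no RC4, SEED or anonymous (Au=None) suite. The function names are my own; the output depends on which suites the installed OpenSSL build enables.

```shell
#!/bin/sh
# Added example: compare PostgreSQL's old and proposed default ssl_ciphers
# strings the way the message describes ("openssl ciphers -v ...").

OLD='DEFAULT:!LOW:!EXP:!MD5:@STRENGTH'   # previous default
NEW='HIGH:!aNULL'                         # proposed default

# list_suites CIPHERSTRING: suite names OpenSSL expands the string to,
# one per line, sorted (first column of "openssl ciphers -v").
list_suites() {
    openssl ciphers -v "$1" | awk '{print $1}' | sort -u
}

# dropped_suites: suites enabled by $OLD but not by $NEW.
dropped_suites() {
    tmp_old=$(mktemp) || return 1
    tmp_new=$(mktemp) || return 1
    list_suites "$OLD" >"$tmp_old"
    list_suites "$NEW" >"$tmp_new"
    comm -23 "$tmp_old" "$tmp_new"
    rm -f "$tmp_old" "$tmp_new"
}

# has_weak_or_anon CIPHERSTRING: succeeds (exit 0) if the expanded list
# contains an RC4 or SEED suite or a suite with no server authentication
# (Au=None), i.e. exactly what the new default is meant to exclude.
has_weak_or_anon() {
    openssl ciphers -v "$1" | grep -Eq 'RC4|SEED|Au=None'
}

# Report what the new default removes, when openssl is available.
if command -v openssl >/dev/null 2>&1; then
    echo "Suites enabled by '$OLD' but not by '$NEW':"
    dropped_suites
    if has_weak_or_anon "$NEW"; then
        echo "WARNING: '$NEW' still contains RC4/SEED/anonymous suites"
    else
        echo "OK: '$NEW' contains no RC4, SEED or anonymous suites"
    fi
fi
```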