Fix #2400 Add NO_RENEGOTIATE option

        OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \

        OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, OPT_S_CURVES, OPT_S_NAMEDCURVE, \

        OPT_S_CIPHER, OPT_S_DHPARAM, OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, \

        OPT_S_COMP, OPT_S__LAST

        OPT_S_COMP, OPT_S_NO_RENEGOTIATION, OPT_S__LAST

# define OPT_S_OPTIONS \

        {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \

        {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \

        {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \

            "Enable use of legacy renegotiation (dangerous)"}, \

        {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \

            "Disable all renegotiation."}, \

        {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \

            "Allow initial connection to servers that don't support RI"}, \

        {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \

        case OPT_S_CIPHER: \

        case OPT_S_DHPARAM: \

        case OPT_S_RECORD_PADDING: \

        case OPT_S_NO_RENEGOTIATION: \

        case OPT_S_DEBUGBROKE

#define IS_NO_PROT_FLAG(o) \

        BIO_printf(bio_s_out, "Reused session-id\n");

    BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",

               SSL_get_secure_renegotiation_support(con) ? "" : " NOT");

    if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION))

        BIO_printf(bio_s_out, "Renegotiation is DISABLED\n");

    if (keymatexportlabel != NULL) {

        BIO_printf(bio_s_out, "Keying material exporter:\n");

        BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);

length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the

B<value> must be >1 or <=16384.

=item B<-no_renegotiation>

Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting

B<SSL_OP_NO_RENEGOTIATION>.

=item B<-min_protocol>, B<-max_protocol>

Sets the minimum and maximum supported protocol.

length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the

B<value> must be >1 or <=16384.

=item B<NoRenegotiation>

Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting

B<SSL_OP_NO_RENEGOTIATION>.

=item B<SignatureAlgorithms>

This sets the supported signature algorithms for TLS v1.2. For clients this

If this option is set, Encrypt-then-MAC is disabled. Clients will not

propose, and servers will not accept the extension.

=item SSL_OP_NO_RENEGOTIATION

Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest

messages, and ignore renegotiation requests via ClientHello.

=back

The following options no longer have any effect but their identifiers are

        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3)

# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)

/* Disallow all renegotiation */

# define SSL_OP_NO_RENEGOTIATION                         0x40000000U

/*

 * Make server add server-hello extension from early version of cryptopro

 * draft, when GOST ciphersuite is negotiated. Required for interoperability

# define SSL_F_SSL_READ_EX                                434

# define SSL_F_SSL_READ_INTERNAL                          523

# define SSL_F_SSL_RENEGOTIATE                            516

# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED                546

# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT                320

# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT                321

# define SSL_F_SSL_SESSION_DUP                            348