Disable SSLv2 cipher suites by default and avoid SSLv2 compatible client

hello if no SSLv2 cipher suites are included. This effectively disables
the broken SSLv2 use by default.