New function ssl_set_client_disabled to set masks for any ciphersuites

that are disabled for this session (as opposed to always disabled by
configuration).