in addition to the crypto library.

"openssl list-standard-commands".

In testss, use MD5 as digest algorithm so that the resulting
certificates can be used for testssl with RSA.

in SSL_new.
If SSL_OP_SINGLE_DH_USE is set, don't waste time in SSL_[CTX_]set_tmp_dh
on computing a DH key that will be ignored anyway.

ssltest -dhe1024dsa (w/ 160-bit sub-prime) had an unfair performance
advantage over -dhe1024 (safe prime): SSL_OP_SINGLE_DH_USE was
effectively always enabled because SSL_new ignored the DH key set in
the SSL_CTX.  Now -dhe1024 takes the server only about twice as long
as -dhe1024dsa instead of three times as long (for 1024 bit RSA
with 1024 bit DH).

choice of parameters) when they are needed.

proposed by Holger Reif

is activated only when _POSIX_SOURCE is defined).

header...

to make SSL_nread0 work.

Curiously enough, void functions don't return a value.

don't dynamically create them.  This allows using ssltest
for approximate performance comparisons:
   $ time ./ssltest -num 50 -tls1 -cert ../apps/server2.pem \
     [-no_dhe|-dhe1024dsa|-dhe1024]
(server2.pem contains a 1024 bit RSA key, the default has only
512 bits.) Note that these timings contain both the server's and
the client's computations, they are not a good indicator for
server workload in different configurations.

still not be quiet.  Also make it clear that -quiet implicitely means
-ign_eof as well.

- Move DH parameter components inside the function.
- Automatically #include the required header file if it
  has not already been #included.