Since s->method does not reflect the final client version when a client
hello is sent for SSLv23_client_method it can't be relied on to indicate
if TLS 1.2 ciphers should be used. So use the client version instead.

Give CBC decrypt approximately same treatment as to CTR and collect 25%.

Submitted by: David Miller

(cherry picked from commit 944bc29f)

Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in
DTLS 1.2 mode too.

The relaxed signing requirements for fixed DH certificates apply to DTLS 1.2
too.

Add DTLS1.2 support for cached records when computing handshake macs
instead of the MD5+SHA1 case for DTLS < 1.2 (this is a port of the
equivalent TLS 1.2 code to DTLS).

Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.

Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.

Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.

Since this is always called from DTLS code it is safe to assume the header
length should be the DTLS value. This avoids the need to check the version
number and should work with any version of DTLS (not just 1.0).

Extend DTLS method creation macros to support version numbers and encryption
methods. Update existing code.

Some TLS extensions were disabled for DTLS. Possibly because they caused
problems with the old duplicated code. Enable them again.

Based on suggestions from Shay Gueron and Vlad Krasnov.
PR: 3021

The only standard compression method is stateful and is incompatible with
DTLS.

PR: 3002

Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.