Backport various security fixes.
Note they usually are extra options that need
to be enabled manually so that we won’t break functionality:
– CVE-2011-3389: Make it possible to deny use of “BEAST” vulnerable ciphers
– CVE-2012-4929: Disable compression to be safe from “CRIME”
– CVE-2005-2090: Chunked encofing response splitting (no awkward name here)
– CVE-2014-3566: Allow disabling SSLv3 (and others), to be safe from “POODLE”
– A redirect XSS fix