Add warnings to getSupportedCipherSuites()

One of our supported cipher suites is TLS_FALLBACK_SCSV.  It's useful
to support this in order to enable downgrade attack protection on
client-initiated version fallbacks, but if it's enabled improperly it
can prevent connections to servers that support higher versions than
the client.  (In particular, TLS 1.3-supporting servers will reject
connections from clients that only support TLS 1.2 if
TLS_FALLBACK_SCSV is enabled.)

To attempt to discourage that, warn users against blindly enabling all
cipher suites, and show them the appropriate way to use
getSupportedCipherSuites().

Test: make docs
Fixes: 128907031
Change-Id: I31bf4f886185d21118b281d014d6761c0d92ba60
5 files changed