62518cb Bug 707384 - only allow FIPS approved cipher suites in FIPS mode

Authored and Committed by rmeggins 12 years ago
    Bug 707384 - only allow FIPS approved cipher suites in FIPS mode
    
    https://bugzilla.redhat.com/show_bug.cgi?id=707384
    Resolves: bug 707384
    Bug Description: only allow FIPS approved cipher suites in FIPS mode
    Reviewed by: nhosoi (Thanks!)
    Branch: master
    Fix Description: These changes only affect the server if FIPS mode has been
    set in the internal security module, that is, if
     modutil -dbdir /etc/dirsrv/slapd-myhost -chkfips true
    returns
     FIPS mode enabled.
    1) If cn=encryption,cn=config nsSSL3Ciphers is missing or set to "+all",
    the server will silently use only FIPS approved cipher suites.
    2) If cn=encryption,cn=config nsSSL3Ciphers has a list of ciphers, and at
    least one non-FIPS approved cipher suite is enabled, the server will log
    to the errors log the list of unapproved cipher suites specified, and will
    restrict the server to only the FIPS approved ciphers specified in the list.
    3) The attribute nsSSLSupportedCiphers in cn=encryption,cn=config will list
    only FIPS approved ciphers.
    4) If the CONFIG log level (64) is set, more detailed information will be
    logged to the errors log about cipher config processing.
    Platforms tested: RHEL6 x86_64
    Flag Day: no
    Doc impact: no
    (cherry picked from commit f290f80e90c116ab5c04171f6a833aa4fdee98e6)
file modified
+139 -39
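The four rules in the fix description can be checked against a small model of the config processing. The following Python is an added illustration written for this page, not code from the 389-ds commit: the cipher names, the "approved" and "supported" tables, and the function and attribute names other than nsSSL3Ciphers, nsSSLSupportedCiphers and the CONFIG level 64 are constructed assumptions (in the real server the security module, not a static table, decides which suites are FIPS approved).

```python
"""Constructed model of the nsSSL3Ciphers handling the commit message
describes. Illustration written for this page, not 389-ds code."""

from dataclasses import dataclass, field
from typing import List, Optional

CONFIG_LOG_LEVEL = 64  # errors-log level named in the commit message

# Constructed, illustrative tables. In the server the security module decides
# which suites are FIPS approved; these sets only stand in for that answer.
FIPS_APPROVED = frozenset({"rsa_aes_128_sha", "rsa_aes_256_sha", "rsa_3des_sha"})
ALL_SUPPORTED = FIPS_APPROVED | {"rsa_rc4_128_md5", "rsa_rc4_40_md5", "rsa_des_sha"}


@dataclass
class CipherSelection:
    enabled: List[str]
    rejected: List[str]          # explicitly requested but not FIPS approved
    unknown: List[str]           # names this build does not support at all
    log: List[str] = field(default_factory=list)  # what would reach the errors log


def supported_ciphers(fips_mode: bool) -> List[str]:
    """What nsSSLSupportedCiphers would advertise (rule 3 of the fix)."""
    return sorted(FIPS_APPROVED if fips_mode else ALL_SUPPORTED)


def parse_cipher_list(value: str):
    """Split 'name,+name,-name' into (name, wanted) pairs; a bare name is wanted."""
    pairs = []
    for tok in value.split(","):
        tok = tok.strip().lower()
        if not tok:
            continue
        if tok[0] in "+-":
            pairs.append((tok[1:], tok[0] == "+"))
        else:
            pairs.append((tok, True))
    return pairs


def select_ciphers(nsssl3ciphers: Optional[str], fips_mode: bool,
                   errorlog_level: int = 0) -> CipherSelection:
    """Apply rules 1, 2 and 4 of the fix description to one config value."""
    verbose = bool(errorlog_level & CONFIG_LOG_LEVEL)        # rule 4
    approved = FIPS_APPROVED if fips_mode else ALL_SUPPORTED
    sel = CipherSelection(enabled=[], rejected=[], unknown=[])

    # Rule 1: attribute missing or "+all" -> silently use only approved suites.
    if nsssl3ciphers is None or nsssl3ciphers.strip().lower() == "+all":
        sel.enabled = sorted(approved)
        if verbose:
            sel.log.append(f"CONFIG: nsSSL3Ciphers absent or +all; enabling {sel.enabled}")
        return sel

    requested = set()
    for name, wanted in parse_cipher_list(nsssl3ciphers):
        if name == "all":
            # "all" expands only to approved suites, so it never produces a warning
            if wanted:
                requested |= approved
            else:
                requested -= approved
            continue
        if name not in ALL_SUPPORTED:
            sel.unknown.append(name)
            continue
        if wanted:
            requested.add(name)
        else:
            requested.discard(name)
        if verbose:
            sel.log.append(f"CONFIG: {'+' if wanted else '-'}{name}")

    # Rule 2: explicitly listed suites that are not approved are reported,
    # and only the approved ones from the list stay enabled.
    sel.rejected = sorted(requested - approved)
    sel.enabled = sorted(requested & approved)
    if sel.rejected:
        sel.log.append("FIPS mode: ignoring non-FIPS approved cipher suites in "
                       "nsSSL3Ciphers: " + ",".join(sel.rejected))
    for name in sel.unknown:
        sel.log.append(f"unknown cipher suite in nsSSL3Ciphers: {name}")
    return sel
```

Outside FIPS mode the approved set equals the supported set, so the same function leaves an explicit list untouched; the only behavioural change is in FIPS mode, which matches the scope the commit message states.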