Ticket #47838 - harden the list of ciphers available by default (phase 2)
Description:
1) By default (i.e., no explicit allowWeakCipher set in cn=encryption,cn=config),
allowWeakCipher is on for user specified cipher list
allowWeakCipher is off for "+all" and "default"
2) Fixed enabled allowWeakCipher (explicitly set "on" to it) is
applied to "+all" and "default".
3) If an invalid value is set to allowWeakCipher, this message is
logged in the error log and set it to the default value.
SSL alert: The value of allowWeakCipher "poor" in cn=encryption,
cn=config is invalid. Ignoring it and set it to default.
https://fedorahosted.org/389/ticket/47838
Reviewed by tbordaz@redhat.com (Thank you, Thierry!)