Update the ciphers list
The previous list of ciphers was allowing weak algorithms.
The fix removes:
- kECDH: cipher suites using fixed ECDH key agreement signed by CAs with RSA
and ECDSA keys or either respectively.
- kDH: cipher suites using DH key agreement and DH certificates signed by
CAs with RSA and DSS keys or either respectively.
Fixes: https://pagure.io/freeipa/issue/8000
Reviewed-By: Christian Heimes <cheimes@redhat.com>