Reported by apam.

Fixes errors connecting to newer OpenSSH systems.

So Deuce spent a lot of effort creating patches to the original Cryptlib v3.4.5
source files to tune cipher-suite selections/priorities to make modern SSH
clients (e.g. OpenSSH v7.6) and HTTPS/TLS browsers or security-checking
software happy. See the current list of 3rdp/build/cl-*.patch files for details.

32-bit Linux systems.

here, and it's not really needed.

The block sizes for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 were incorrect in the suite
definitions.

This is the root cause befind the old cl-suites.patch which disabled
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (no great loss).  This patch also
fixes the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 suite, which may be what
new Apple phones were negotiating for pop3s connections.

and reported by wkitty42... you can turn ssh back on now. :D

despite them being manditory in the SSHv2 spec.

This fixes the error seen on old browsers using
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA after a DHE GCM fallure.

Thanks for all your help wkitty42!

Unbreak it.
While we're here, prefer ECDH so we get an 'A' from ssllabs.

they're enabled even if there is no usable oracle (ie: ssllabs.com).

This is easier than explaining to everyone who worries about it.  Hopefully
there's nothing left that requires TLS_RSA suites from the client.

inline asm stuff (cl-noasm-defines.patch).

This (of course) revealed an issue with 64-bit systems not building properly
so cl-bn-noasm64-fix.patch fixes this again.

There should no longer be any inline (or out of line) asm, so any more
illegal instruction errors are likely to be the fault of the compiler or
the compiler flags.

of the bad MAC alerts.

This *should* fix LetSynchCrypt.js as well as other issues.

2a98aeb09190301ba782ba2f79837332ae277ac93851d3066e63fecf6abe6f2a) as patched
by build/cl-*.patch and built with MSVC2015 for Win32-release.

I had to remove eap*.c from cryptlib32.vcxproj file to get it to build, but no
other changes.

This versions has a lot more assumptions that the whole world runs Linux
in it, and just a small number of perviously reported bugs actually fixed.

I think the patch count has actually gone up rather than down for this.

As it turns out, the thing I was trying to fix (https://pskreporter.info not
working with HTTP.js) is not fixed in the new version and was just yet
another abitrary undocumented limit being hit.

This *may* break anything crypto-releated, though it seems to work on FreeBSD
fine.  Win32 build not tested since Digital Man provides precompiled libs
for that, and mingw32 builds not yet tested.

Please report any *NEW* crypto-related issues after getting this to work.

Oh yeah, it also looks like the cryptlib dependency for Synchronet got
broken somewhere, so the easiest way to rebuild with the new cryptlib is
to build SyncTERM first.  I'll try to get this one fixed soonish.

messages (at least up to 4k attributes).

I'll tie it into the build with the incoming Cryptlib update, but I want
it to be a separate commit since it fixes a long-standing issue while the
rest of the update commit will just unbreak new broken bits.

This has not had the crash here in over three days (crosses fingers).

bytes different, so committing out of an abundance of caution. No "known"
changes however.

loop even when the timeout is zero.