CVE-2015-4000: Prevent Logjam. The TLS protocol 1.2 and earlier, when a
DHEEXPORT ciphersuite is enabled on a server but not on a client, did not
properly convey a DHEEXPORT choice, which allowed man-in-the-middle attackers
to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE
replaced by DHEEXPORT and then rewriting a ServerHello with DHEEXPORT
replaced by DHE (bsc#938906).