…keepalive timer via TCP_KEEPIDLE setsockopt

If OpenSSL is too old, it does not properly associate renegotiation
handshakes with an existing connection, which allows man-in-the-middle
attackers to insert data into HTTPS sessions, and possibly other types
of sessions protected by TLS or SSL, by sending an unauthenticated
request that is processed retroactively by a server in a
post-renegotiation context, related to a "plaintext injection" attack,
aka the "Project Mogul" issue.

If OpenSSL is recent enough, it will use SSL secure renegotiation
instead (RFC 5746). However, this feature allows an attacker to
trigger easily a lot of handshake which would allow to DoS the server.

At least, there seems to be no easy way to tell if OpenSSL is
vulnerable to CVE-2009-3555 and therefore, in doubt, it may be better
to disable renegotiation.

Patch to set SO_KEEPALIVE on client socket

Disable SSL renegotiation to fix CVE-2009-3555.

Some shctx optimz