deps: update openssl config

[shigeki]

Pull Request check-list

• Does make -j8 test (UNIX) or vcbuild test nosign (Windows) pass with
  this change (including linting)?
• Is the commit message formatted according to [CONTRIBUTING.md][0]?
• [CI tests] If this change fixes a bug (or a performance problem), is a regression
  test (or a benchmark) included?
• Is a documentation update included (if this change modifies
  existing APIs, or introduces new ones)?

Affected core subsystem(s)

deps: openssl

Description of change

deps/openssl/config were not updated in the last upgrading. Two new defines of OPENSSL_NO_SSL2 and OPENSSL_NO_WEAK_SSL_CIPHERS are defined in opensslconf.h.

This disables several ciphers included in EXPORT and LOW. They are also disabled in the default cipher list but I think that applying this to LTS should be discussed in LTS issue. I will open it.

CI is running on https://ci.nodejs.org/job/node-test-commit/2502/ but something Jenkins error was on MacOS. I will try it again.

R: @bnoordhuis

[shigeki]

New CI is https://ci.nodejs.org/job/node-test-pull-request/1890/

[Fishrock123]

s/udpate/update/ :)

[shigeki]

@Fishrock123 Oops. Fixed typo. Thanks.

[shigeki]

CI in https://ci.nodejs.org/job/node-test-commit/2505/ is all green.

[shigeki]

Strictly speaking, this fix corresponds to semver-major. As discussed in LTS on nodejs/Release#85, I would like to apply this to 5.x.

[jasnell]

LGTM for master... Let's add it to the lts-agenda for Monday to discuss.

[shigeki]

@indutny Could you review this PR?

[indutny]

LGTM, if CI is green

[shigeki]

@indutny Thanks. CI was submitted in https://ci.nodejs.org/job/node-test-pull-request/1927/.

[shigeki]

CI is all green. Landed in 668fb17. Thanks.

[jasnell]

@shigeki ... This was backported to v0.12 and v0.10 in #5712 correct?

Also, removed the lts-agenda label on this since it was decided via the github conversation to go ahead and land this in the lts branches.

[shigeki]

@jasnell #5712 was the fix for openssl-1.0.1 and it has already landed to v0.12-staging and v0.10-staging branches. This PR is the fix for openssl-1.0.2 and it need to be backported from master to 5.x and 4.x. I would like you to take care of them.

[jasnell]

Sounds good! :-)

[MylesBorins]

@shigeki is this pressing enough to roll into the next v4 release asap or should it have a bit of time to live on v5 first?

[shigeki]

@thealphanerd This fix is a kind of regular procedures in upgrading openssl and has just a small risk. So it's already enough to roll to v4.x.