Banish more deprecated flags to the bottom.

Change-Id: I7959fc65afae8860804ab9f038e3b5a9c2c8ec7b
Reviewed-on: https://boringssl-review.googlesource.com/5943
Reviewed-by: Adam Langley <agl@google.com>

include/openssl/ssl.h

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index f84d693..24bdf8e 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -598,13 +598,6 @@
  * this in explicit fallback retries, following the guidance in RFC 7507. */
 #define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L
 
-/* The following flags do nothing and are included only to make it easier to
- * compile code with BoringSSL. */
-#define SSL_MODE_AUTO_RETRY 0
-#define SSL_MODE_RELEASE_BUFFERS 0
-#define SSL_MODE_SEND_CLIENTHELLO_TIME 0
-#define SSL_MODE_SEND_SERVERHELLO_TIME 0
-
 /* SSL_CTX_set_mode enables all modes set in |mode| (which should be one or more
  * of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a bitmask
  * representing the resulting enabled modes. */
@@ -2864,6 +2857,10 @@
 
 /* The following flags do nothing and are included only to make it easier to
  * compile code with BoringSSL. */
+#define SSL_MODE_AUTO_RETRY 0
+#define SSL_MODE_RELEASE_BUFFERS 0
+#define SSL_MODE_SEND_CLIENTHELLO_TIME 0
+#define SSL_MODE_SEND_SERVERHELLO_TIME 0
 #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0
 #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0
 #define SSL_OP_EPHEMERAL_RSA 0
@@ -2886,7 +2883,6 @@
 #define SSL_OP_TLS_ROLLBACK_BUG 0
 #define SSL_VERIFY_CLIENT_ONCE 0
 
-
 /* SSL_cache_hit calls |SSL_session_resumed|. */
 OPENSSL_EXPORT int SSL_cache_hit(SSL *ssl);