Implement TLS_FALLBACK_SCSV support for the client.

With this change, calling SSL_enable_fallback_scsv on a client SSL* will
cause the fallback SCSV to be sent.

This is intended to be set when the client is performing TLS fallback
after a failed connection. (This only happens if the application itself
implements this behaviour: OpenSSL does not do fallback automatically.)

The fallback SCSV indicates to the server that it should reject the
connection if the version indicated by the client is less than the
version supported by the server.

See http://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-02.

Change-Id: I478d6d5135016f1b7c4aaa6c306a1a64b1d215a6
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 0905e9f..fd78eb6 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -341,6 +341,10 @@
 	// PaddingFirstByteBadIf255 causes the first byte of padding to be
 	// incorrect if there's a maximum amount of padding (i.e. 255 bytes).
 	PaddingFirstByteBadIf255 bool
+
+	// FailIfNotFallbackSCSV causes a server handshake to fail if the
+	// client doesn't send the fallback SCSV value.
+	FailIfNotFallbackSCSV bool
 }
 
 func (c *Config) serverInit() {