Migrate DHE test cases to ECDHE #9688

Open
gilles-peskine-arm opened this issue Oct 11, 2024 · 0 comments
Labels
component-tls size-xs Estimated task size: extra small (a few hours at most)

Comments

@gilles-peskine-arm
Contributor

There are a few TLS 1.2 test cases where we're currently using a DHE key exchange, but we could indifferently use ECDHE. Since we are removing DHE, we need to migrate those test cases to ECDHE.

This applies to development only. But we may want to backport the new test cases as additional tests in 3.6 for a minor but very cheap coverage improvement.

To clarify the scope:

  • A test case that uses DHE because its objective is to test DHE is out of scope.
  • A test case that uses DHE, for which there is another test case that's identical except for using ECDHE, is out of scope.
  • A test case that uses DHE, but could do without it, and has no equivalent non-DHE test case, is in scope.

The affected test cases, analyzed on 467edcd:

  • test_suite_ssl
    • resize_buffers_renegotiate_mfl: we're testing ECDHE-RSA with GCM, and DHE-RSA with CBC. I think there's no particular reason for that and in 4.0 we should just change the DHE test cases to ECDHE.
  • ssl-opt.sh
    • "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1"
    • "Opaque keys for server authentication: EC + RSA, force DHE-RSA" ? Not sure if other test cases reach the same path
    • "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, DHE-RSA: OK"
    • "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (hard)"
    • "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (soft)"
    • "keyUsage cli 1.2: DigitalSignature, DHE-RSA: OK"
@gilles-peskine-arm gilles-peskine-arm added component-tls size-xs Estimated task size: extra small (a few hours at most) labels Oct 11, 2024