Be stricter with middlebox compatibility mode in the TLSv1.3 server.

Be stricter with middlebox compatibility mode in the TLSv1.3 server.

Only allow a TLSv1.3 client to request middlebox compatibility mode if
this is permitted. Ensure that the legacy session identifier is either
zero length or 32 bytes in length. Additionally, only allow CCS messages
on the server side if the client actually requested middlebox compatibility
mode.

ok tb@