[tls] Don't use OpenSSL<1.0.2 fallback on 1.1+

[space88man]

Addresses #2716. Also see https://bugs.python.org/issue29697.

Pre-Submission Checklist

• Commit message has the format required by CONTRIBUTING guide
• Commits are split per component (core, individual modules, libs, utils, ...)
• Each component has a single commit (if not, squash them into one commit)
• No commits to README files for modules (changes must be done to docbook files
  in doc/ subfolder, the README file is autogenerated)

Type Of Change

• Small bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds new functionality)
• Breaking change (fix or feature that would change existing functionality)

Checklist:

• PR should be backported to stable branches
• [X ] Tested changes locally
• Related to issue TLS Client Verification OpenSSL 1.1.1(P-256) to OpenSSL 1.0.2 (P-521) is failing #2716

Description

For OpenSSL 1.1.x initialization of EC SSL contexts has changed — we shouldn't be using the < 1.0.2 technique on OpenSSL 1.1+. This addresses a corner case where a TLS client(OpenSSL 1.1.1) with P-256 cert would not handshake with a TLS server with a P-521 cert. Adopted from the way that Python _ssl.c does initialization. Python, in turn, took this from Apache's mod_ssl.

[miconda]

Thanks!