disable SSLv3 and SSL compression explicitly

** SSLv3 is broken.

• Disabling compression mitigates the CRIME attack.

see attached patch