support for SSLv2 should be removed from SslStream

[wfurt]

RFC 6176 Prohibiting Secure Sockets Layer (SSL) Version 2.0, March 2011.
Unlike obsolete Sslv3 (and TLS1.0/1.0), Sslv2 should be forbidden.

Right now SslStream can support Sslv2 if underlying OS supports it.
At the moment, that seems to be only old versions of Windows.
While OpenSSL 1.0 could support it, all supported distributions are built without it. (Ubuntu16)

This maters as SslStream has craft and state handling to support v2 beyond SslProtocols.Ssl2 enum.
Perhaps we should strip it if passed in and throw PNSP if that is only protocol requested.

Tagging subscribers to this area: @dotnet/ncl
Notify danmosemsft if you want to be subscribed.

[wfurt]

cc: @bartonjs @blowdart

[blowdart]

I think you'd have to justify this with numbers. I am suspicous of crappy IoT devices. Hopefully they'd support SSL3 by now, but I don't think you can do this with a wave of a hand. There should be a deprecation strategy to give people enough time to scream if they're still in need of SSL2.

[karelz]

@blowdart we agreed at NCL meeting to do it in 7.0 early on (PR is up).
Given 7.0 is not LTS, we could react if it breaks people. It also gives people 2 years to stay on LTS after 7.0 ships and migrate away from SSLv2 during that time and then migration to 7.0+.
Azure is pushing everyone to TLS 1.2+, so we think it should be fine to drop this ancient protocol.

Thoughts?