Fix DTLS compatibility with ASA firmware 8.4.1(11) and above.

Fix DTLS compatibility with ASA firmware 8.4.1(11) and above.

It seems to get very upset when we resend our ChangeCipherSpec messages,
as the RFC says we're supposed to do. Without a periodic resend, if the
original did get lost in transit, the server wouldn't be able to decrypt
any of our data packets.

Perhaps there's something "wrong" with our packets; the ChangeCipherSpec
messages is is one of the areas in which Cisco's "speshul" version of
DTLS differs from RFC4347. But the Cisco client doesn't seem to resend it
at all, ever. Making it hard to tell what Cisco want it to look like,
unless we wanted to reverse-engineer their code. Which we don't.

If Cisco get away without resending, I suppose we can, until/unless we
work it out. DPD should mostly let us get away with it, because if the
first packet *does* get lost, DPD will soon tell us that the DTLS
connection is dead and we'll make a new one. Sucks, but that's what you
get for using crappy not-quite-RFC-compliant kit. Yay Cisco. Why not join
us in 2006 and start using the proper standard? It's not even as if it'd
be hard to support both in parallel for a while.

Thanks to Eric Barkie for the initial diagnosis.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>