this patch adds sha256 mac support and enables two ciphers that use
it, TLS_RSA_WITH_AES_128_CBC_SHA256 and
TLS_RSA_WITH_AES_256_CBC_SHA256.

i'm not sure if initsha2_256key is the right place to call error if
the tls version is wrong.

feedback welcome.

mischief