Got to the bottom of it. Our code for generating certificates is wrong: we specify the certificate's x509 Key Usage as "data encipherment". This is wrong: TLS does not use certificates to encipher the data stream, it uses them to (a) prove identity, (b) encipher keys, and (c) perform key agreement/establishment. Later, symmetric encryption is used to encrypt the data stream.
The Key Usage should be: digital signature + key encipherment + key agreement. Alternatively, we can just use the serverAuth Extended Key Usage (which is what I'll change it to do).
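Added example (not code from the original post or project): a self-signed TLS server certificate built with the Python `cryptography` library carrying the Key Usage bits named above (digitalSignature + keyEncipherment + keyAgreement) plus the serverAuth Extended Key Usage, next to a "dataEncipherment only" certificate of the kind described as wrong, and a small checker that reports what a TLS server would object to. The function names, the `server_auth` switch and the `example.test` subject are assumptions for illustration.

```python
# Added example: build a TLS server certificate with the correct Key Usage /
# Extended Key Usage, and check an existing certificate for the
# "dataEncipherment only" mistake. Requires the `cryptography` package.
# Names, the server_auth switch and the example.test subject are assumptions.
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID


def build_key_usage(server_auth: bool) -> x509.KeyUsage:
    """Key Usage for a TLS server cert: digitalSignature (prove identity and
    sign handshake messages), keyEncipherment (RSA key transport) and
    keyAgreement (ECDH/DH key establishment). With server_auth=False this
    returns the wrong dataEncipherment-only usage the post describes."""
    if server_auth:
        return x509.KeyUsage(
            digital_signature=True, content_commitment=False,
            key_encipherment=True, data_encipherment=False, key_agreement=True,
            key_cert_sign=False, crl_sign=False,
            encipher_only=False, decipher_only=False)
    return x509.KeyUsage(
        digital_signature=False, content_commitment=False,
        key_encipherment=False, data_encipherment=True, key_agreement=False,
        key_cert_sign=False, crl_sign=False,
        encipher_only=False, decipher_only=False)


def make_self_signed_cert(common_name: str, server_auth: bool = True) -> x509.Certificate:
    """Self-signed certificate; with server_auth=True it also gets the
    serverAuth Extended Key Usage, which is the alternative fix named above."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=30))
        .add_extension(build_key_usage(server_auth), critical=True)
    )
    if server_auth:
        builder = builder.add_extension(
            x509.ExtendedKeyUsage([ExtendedKeyUsageOID.SERVER_AUTH]), critical=False)
    return builder.sign(key, hashes.SHA256())


def tls_server_usage_problems(cert: x509.Certificate) -> list[str]:
    """Return the reasons a certificate is unsuitable for TLS server use
    (empty list = fine). Mirrors what a client's chain validation checks:
    if Key Usage is present it must allow signing and key transport or
    agreement; if Extended Key Usage is present it must include serverAuth."""
    problems = []
    try:
        ku = cert.extensions.get_extension_for_class(x509.KeyUsage).value
    except x509.ExtensionNotFound:
        ku = None  # absent Key Usage places no restriction
    if ku is not None:
        if not ku.digital_signature:
            problems.append("keyUsage lacks digitalSignature")
        if not (ku.key_encipherment or ku.key_agreement):
            problems.append("keyUsage lacks both keyEncipherment and keyAgreement")
        if ku.data_encipherment and not ku.digital_signature:
            problems.append("keyUsage is dataEncipherment only; TLS never uses that bit")
    try:
        eku = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
        if ExtendedKeyUsageOID.SERVER_AUTH not in eku:
            problems.append("extendedKeyUsage present but lacks serverAuth")
    except x509.ExtensionNotFound:
        pass  # absent EKU places no restriction
    return problems


if __name__ == "__main__":
    good = make_self_signed_cert("example.test")
    bad = make_self_signed_cert("example.test", server_auth=False)
    print("good cert problems:", tls_server_usage_problems(good))
    print("bad cert problems:", tls_server_usage_problems(bad))
```

Running the checker over an existing PEM file (`x509.load_pem_x509_certificate(open(path, "rb").read())`) is a quick way to audit already-issued certificates for the same defect before they reach a server.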