ssleuth
Dynamically disable ciphers based on DH key length
I have two ideas.
- ~~General: Make it possible to block sites if they fall under a specific score. I'm not quite sure if that's really such useful, but I'd like to hear your opinions on this.~~
- Block by specific "parameters": Here I'm especially referring to the Logjam attack (see https://github.com/sibiantony/ssleuth/issues/38). There I would like to be able to block all connections with DH keys smaller than 2048 bits. (Of course this depends on https://github.com/sibiantony/ssleuth/issues/22.) In this case a downgrade to the next cipher in the list (using RSA without Forward Secrecy) is more secure, so the ideal thing would be for this to happen.
- Is doable - however, there are plenty of unencrypted sites people visit regularly. Even very popular ones. It may not be a good idea to block http-only sites from SSleuth - there are other better add-ons that do something similar (HTTPS Everywhere etc.). Also I believe it is better to have some key exchange/encryption than nothing at all. So dropping connections only for the low-scored https sites may not be such a good idea. If you're worried about a specific key exchange and/or cipher suite, simply disable the cipher suite and you're good to go.
- Can be done, and is worth the effort. Again this depends on #22, Mozilla has to expose those in an interface. Then downgrading to another cipher suite really depends on the server-side cipher-suite preferences and Firefox's enabled list. Can't be controlled by an add-on.
- Okay, this explanation makes sense. So let's focus on 2 for this issue.
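A worked illustration of the check proposed above, added here as an example rather than code from the ssleuth add-on or its author: it parses the ServerDHParams structure carried in a TLS 1.2 ServerKeyExchange for DHE suites (RFC 5246, section 7.4.3), measures the bit length of the prime p, and returns a block/allow verdict against the 2048-bit threshold from the Logjam discussion. The handshake bytes are constructed inline for the demonstration; Firefox does not hand these bytes to an add-on, which is exactly what #22 is about, so a real implementation would depend on that interface. All function names are the example's own.

```javascript
"use strict";
// Added example (not ssleuth project code): DH-parameter length policy for a
// TLS 1.2 DHE handshake. Input is the ServerDHParams body of a
// ServerKeyExchange message (RFC 5246 7.4.3):
//   struct { opaque dh_p<1..2^16-1>; opaque dh_g<1..2^16-1>; opaque dh_Ys<1..2^16-1>; }

const MIN_DH_BITS = 2048; // threshold discussed in this issue (Logjam)

// Read one opaque<1..2^16-1> vector: 2-byte big-endian length, then body.
function readVector16(buf, offset) {
  if (offset + 2 > buf.length) throw new Error("truncated vector length");
  const len = (buf[offset] << 8) | buf[offset + 1];
  const end = offset + 2 + len;
  if (len === 0) throw new Error("empty vector not allowed");
  if (end > buf.length) throw new Error("truncated vector body");
  return { body: buf.subarray(offset + 2, end), next: end };
}

// Effective bit length of a big-endian unsigned integer, ignoring leading
// zero bytes (a 1024-bit prime padded to 129 bytes is still 1024 bits).
function bitLength(bytes) {
  let i = 0;
  while (i < bytes.length && bytes[i] === 0) i++;
  if (i === bytes.length) return 0;
  let top = bytes[i];
  let bits = 0;
  while (top) { bits++; top >>= 1; }
  return (bytes.length - i - 1) * 8 + bits;
}

// Parse ServerDHParams into its three fields plus the bit length of p.
function parseServerDHParams(buf) {
  const p = readVector16(buf, 0);
  const g = readVector16(buf, p.next);
  const ys = readVector16(buf, g.next);
  return { p: p.body, g: g.body, ys: ys.body, pBits: bitLength(p.body) };
}

// Policy from the issue: "block" when p is shorter than minBits, else "allow".
function dhPolicy(buf, minBits = MIN_DH_BITS) {
  const params = parseServerDHParams(buf);
  return { pBits: params.pBits, verdict: params.pBits < minBits ? "block" : "allow" };
}

// --- constructed test data (not real DH group parameters) -------------------

// Encode a byte array as an opaque<1..2^16-1> vector.
function vec16(bytes) {
  return [bytes.length >> 8, bytes.length & 0xff, ...bytes];
}

// Build a ServerDHParams body whose p has exactly pBits significant bits:
// top byte trimmed so the high bit lands on bit pBits-1, remaining bytes 0xff.
function buildServerDHParams(pBits) {
  const pLen = Math.ceil(pBits / 8);
  const p = new Array(pLen).fill(0xff);
  p[0] = 0xff >> ((8 - (pBits % 8)) % 8);
  const g = [2];                           // common generator
  const ys = new Array(pLen).fill(0x5a);   // placeholder public value
  return Uint8Array.from([...vec16(p), ...vec16(g), ...vec16(ys)]);
}

// Demonstration: a 1024-bit group (Logjam territory) versus a 2048-bit one.
for (const bits of [1024, 2048]) {
  console.log(`p=${bits} bits ->`, dhPolicy(buildServerDHParams(bits)));
}
```

The verdict is only a flag: as noted in the reply above, the add-on cannot make Firefox renegotiate with a different suite, so the practical enforcement is to disable the DHE suites in about:config (for Firefox of that era, the `security.ssl3.dhe_rsa_aes_128_sha` and `security.ssl3.dhe_rsa_aes_256_sha` prefs set to false), which makes the server fall through to its next acceptable suite instead.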