Allow any TLS version for STARTTLS check

[vbrown608]

From the tls package docs:

// MinVersion contains the minimum SSL/TLS version that is acceptable.
// If zero, then TLS 1.0 is taken as the minimum.

By my reading that means the STARTTLS check will fail if the server has STARTTLS enabled but is using SSLv2/3 (this is borne out by adding a test). Since we return if STARTTLS fails, the checker won't reach the version test and the result might be a bit confusing.

We may want to specify the lowest possible min version for the STARTTLS check to avoid a confusing failure - then we can catch the issue in the version check.

[vbrown608]

Seems like Go doesn't support connecting as a client with SSL 3.0: https://golang.org/src/crypto/tls/handshake_client.go#L276.

When I set the min version for the client (ie the checker) to SSL 3.0 and try to connect to a server that only supports SSL 3.0 I still see tls: server selected unsupported protocol version 300.

[vbrown608]

Rather than trying to support SSL 3.0, we're just going to tweak the code/error message so it's a bit clearer what's going on.

[vbrown608]

Something like https://github.com/zmap/zcrypto could be useful.