Switch ECDHE group default logic for bridge/relay TLS

According to the manpage, bridges use P256 for conformity and relays
use P224 for speed. But skruffy points out that we've gotten it
backwards in the code.

In this patch, we make the default P256 for everybody.

Fixes bug 9780; bugfix on 0.2.4.8-alpha.

changes/bug9780

@@ -0,0 +1,8 @@
+  o Minor bugfixes (performance, fingerprinting):
+    - Our default TLS ecdhe groups were backwards: we meant to be using
+      P224 for relays (for performance win) and P256 for bridges (since
+      it is more common in the wild). Instead we had it backwards. After
+      reconsideration, we decided that the default should be P256 on all
+      hosts, since its security is probably better, and since P224 is
+      reportedly used quite little in the wild.  Found by "skruffy" on
+      IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.

doc/tor.1.txt

@@ -1642,7 +1642,7 @@ is non-zero):
     What EC group should we try to use for incoming TLS connections?
     P224 is faster, but makes us stand out more. Has no effect if
     we're a client, or if our OpenSSL version lacks support for ECDHE.
-    (Default: P224 for public servers; P256 for bridges.)
+    (Default: P256)
 
 [[CellStatistics]] **CellStatistics** **0**|**1**::
     When this option is enabled, Tor writes statistics on the mean time that

src/common/tortls.c

@@ -1369,10 +1369,8 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
       nid = NID_secp224r1;
     else if (flags & TOR_TLS_CTX_USE_ECDHE_P256)
       nid = NID_X9_62_prime256v1;
-    else if (flags & TOR_TLS_CTX_IS_PUBLIC_SERVER)
-      nid = NID_X9_62_prime256v1;
     else
-      nid = NID_secp224r1;
+      nid = NID_X9_62_prime256v1;
     /* Use P-256 for ECDHE. */
     ec_key = EC_KEY_new_by_curve_name(nid);
     if (ec_key != NULL) /*XXXX Handle errors? */