Move the SSL3_CK_CIPHERSUITE_FLAG out of public header

The newly added SSL3_CK_CIPHERSUITE_FLAG shouldn't be in a public header
file
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

include/openssl/ssl3.h

@@ -25,9 +25,6 @@
 extern "C" {
 #endif
 
-/* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */
-# define SSL3_CK_CIPHERSUITE_FLAG                0x03000000
-
 /*
  * Signalling cipher suite value from RFC 5746
  * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)

ssl/s3_lib.c

@@ -3566,7 +3566,7 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
 
 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
 {
-    if ((c->id & 0xff000000) != 0x03000000) {
+    if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
         *len = 0;
         return 1;
     }

ssl/ssl_locl.h

@@ -348,6 +348,9 @@
 
 /* we have used 0000003f - 26 bits left to go */
 
+/* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */
+# define SSL3_CK_CIPHERSUITE_FLAG                0x03000000
+
 /* Check if an SSL structure is using DTLS */
 # define SSL_IS_DTLS(s)  (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)