
AppleTLS: Enable BEAST mitigations in ST

The option is only available on 10.9+, but since we might be building
against an earlier version while running on 10.9+, always try to set it.
Nils Maier 11 years ago
commit
18c35f56b8
1 changed files with 10 additions and 0 deletions
  1. 10 0
      src/AppleTLSSession.cc

+ 10 - 0
src/AppleTLSSession.cc

@@ -382,6 +382,16 @@ AppleTLSSession::AppleTLSSession(AppleTLSContext* ctx)
   (void)SSLSetProtocolVersionEnabled(sslCtx_, kTLSProtocol12, true);
 #endif
 
+  // BEAST
+  (void)SSLSetSessionOption(
+      sslCtx_,
+#if defined(__MAC_10_9)
+      kSSLSessionOptionSendOneByteRecord,
+#else
+      (SSLSessionOption)0x4, /* kSSLSessionOptionSendOneByteRecord */
+#endif
+      true);
+
 #if defined(__MAC_10_8)
   if (!ctx->getVerifyPeer()) {
     // This disables client verification
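Review bot: The `(void)` cast on the new `SSLSetSessionOption(...)` call discards the only signal that the BEAST mitigation was actually applied, so a session on a runtime that rejects the option (presumably anything before 10.9) continues with CBC suites and no record splitting, and nothing records that. Capture the result instead, e.g. `OSStatus rv = SSLSetSessionOption(sslCtx_, ..., true);`, and emit a debug-level message through the project's logger when `rv != noErr`, still treating it as best effort. The `// BEAST` comment is also too terse for a security-relevant setting; something like `// BEAST mitigation: request 1/n-1 record splitting for CBC suites; best effort, the option only exists on 10.9+` would tell the next reader why the raw `(SSLSessionOption)0x4` fallback is there and that it must stay in step with the SDK's enum value. The constructor body starts and ends outside this hunk, so how the surrounding code handles other setup failures is not visible here.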