Consistently order ECDHE_ECDSA over ECDHE_RSA.

Currently we don't express an opinion. Most sites aren't likely to have a
choice since it depends on what certificates they have available. But we may as
well order them.

Change-Id: I4fffa5e392f42e19823cb8faa2e9e15a6bb91086
Reviewed-on: https://boringssl-review.googlesource.com/2607
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 9 years ago
committed by Adam Langley
parent
commit
9cf708807c
1 file changed with 3 additions and 1 deletion
ssl/ssl_ciph.c (+3, -1)

@@ -1031,7 +1031,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_meth
/* Now arrange all ciphers by preference:
* TODO(davidben): Compute this order once and copy it. */

/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
/* Everything else being equal, prefer ECDHE_ECDSA then ECDHE_RSA over
* other key exchange mechanisms */
ssl_cipher_apply_rule(0, SSL_kEECDH, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD, -1, 0, &head, &tail);
ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, 0, &head, &tail);
ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, 0, &head, &tail);
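
Review bot: The new comment says "prefer ECDHE_ECDSA then ECDHE_RSA", but the second CIPHER_ADD rule passes 0 for the auth mask, so it matches every remaining SSL_kEECDH suite rather than only the RSA-authenticated ones. Either reword the comment to "ECDHE_ECDSA, then the remaining ECDHE suites" or make the second tier explicit with its own auth mask. The resulting order also depends on the second CIPHER_ADD leaving the suites already added by the SSL_aECDSA rule where they are; that is not evident from these lines, so a short note in the comment would help, and a test that checks ECDHE_ECDSA sorts ahead of ECDHE_RSA in the default list would pin the behaviour down.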


