Don't change s->version after have_version is set.

Those version checks are if renego tried to change the version, but at that
point we're out of the initial null cipher and should leave the version fixed.

(On the server end, the code in question was dead after the version negotiation
rewrite anyway.)

Change-Id: I3242ba11bc9981ccf7fdb867176d59846cc49dd9
Reviewed-on: https://boringssl-review.googlesource.com/2605
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_clnt.c

@@ -794,7 +794,6 @@ int ssl3_get_server_hello(SSL *s)
 	else if (server_version != s->version)
 		{
 		OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_WRONG_SSL_VERSION);
-		s->version = (s->version & 0xff00) | (server_version & 0xff);
 		al = SSL_AD_PROTOCOL_VERSION;
 		goto f_err;
 		}

ssl/s3_srvr.c

@@ -1148,12 +1148,6 @@ int ssl3_get_client_hello(SSL *s)
 		                 :	(s->client_version < s->version))
 		{
 		OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_WRONG_VERSION_NUMBER);
-		if ((s->client_version>>8) == SSL3_VERSION_MAJOR &&
-			!s->s3->have_version)
-			{
-			/* similar to ssl3_get_record, send alert using remote version number */
-			s->version = s->client_version;
-			}
 		al = SSL_AD_PROTOCOL_VERSION;
 		goto f_err;
 		}