Disable session resumption

We may potentially be vulnerable to session resumption attacks, such as:

https://secure-resumption.com/

... since we use client certs extensively. It appears that just completely disabling session resumption would prevent this. A bit of an elephant gun, perhaps, but whatever.
