Handle bad TLSv1.2 upgrade properly #236

[ColinChartier]

I ran into this using python3.

Proof that it works (at least for me):

openssl version
OpenSSL 1.0.2g  1 Mar 2016

# python3
Python 3.5.2 (default, Nov 17 2016, 17:05:23) 
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import etcd                                                                                                                      
>>> etcd.Client(host='localhost', port=2379, cert=('/certs/cert', '/certs/key'), ca_cert='/certs/ca_cert', protocol='https').get('/')
<class 'etcd.EtcdResult'>({'expiration': None, 'value': None, 'dir': True, 'key': None, 'modifiedIndex': None, 'raft_index': 4, 'etcd_index': 3, 'createdIndex': None, '_children': [], 'ttl': None, 'action': 'get', 'newKey': False})

# python2
Python 2.7.12 (default, Nov 19 2016, 06:48:10) 
[GCC 5.4.0 20160609] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import etcd
>>> etcd.Client(host='localhost', port=2379, cert=('/certs/cert', '/certs/key'), ca_cert='/certs/ca_cert', protocol='https').get('/')
<class 'etcd.EtcdResult'>({'newKey': False, 'raft_index': 4, '_children': [], 'createdIndex': None, 'modifiedIndex': None, 'value': None, 'etcd_index': 3, 'expiration': None, 'key': None, 'ttl': None, 'action': u'get', 'dir': True})
>>> etcd.Client(host='localhost', port=2379, cert=('/certs/cert', '/certs/key'), ca_cert='/certs/ca_cert', protocol='https', allow_reconnect=True).get('>
<class 'etcd.EtcdResult'>({'newKey': False, 'raft_index': 4, '_children': [], 'createdIndex': None, 'modifiedIndex': None, 'value': None, 'etcd_index': 3, 'expiration': None, 'key': None, 'ttl': None, 'action': u'get', 'dir': True})

[ColinChartier]

Not sure how you'd test this in a unit test, and I'm (unfortunately) too busy to dockerize a minimal acceptance test for this.

Your choice as to how to proceed I suppose.