- specially crafted requests could bypass RewriteRule and ProxyPassMatch

- new template file: /etc/apache2/vhosts.d/vhost-ssl.template
allow TLSv1 only, browser match stuff commented out.

- rc script /etc/init.d/apache2: handle reload with deleted binaries
by message to stdout only, but refrain from sending signals.